cleantalk
Vulnerabilities and Security Researches

ThemeGrill Demo Importer, CVE-2020-36837

CVE, Research URL

CVE-2020-36837

Home page URL

Security reports for ThemeGrill Demo Importer

Application

ThemeGrill Demo Importer

Published on
Oct 16, 2024
Research Description
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.
Affected versions
max 1.6.2.
Status
vulnerable
Previous vulnerability researches
ThemeGrill Demo Importer (CVE-2020-36837) , Oct 17, 2024
ThemeGrill Demo Importer (CVE-2026-40730) , Apr 17, 2026
ThemeGrill Demo Importer (68284e071e534422835c01a36dda7e67d95fd795) , Jun 07, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026