This vicious WordPress plugin bug could wipe your whole site

Cybersecurity researchers have helped patch a high-severity rated security flaw in a popular WordPress plugin, which could be exploited to completely wipe and reset any vulnerable WordPress website.

Discovered by WordPress security experts Wordfence, the vulnerability exists in the Hashthemes Demo Importer plugins that boasts of more than 8,000 active installs, and is designed to help admins import demos for WordPress themes with a single click.

Source link