Well, as a WordPress site owner, these are the kind of headlines you fear coming across because of the weight they carry. But truth be told, WordPress plugins are far from being completely free of bugs. Because WordPress is an open source platform, and a popular one at that, plugin bugs like these are to be expected: the platform is heavily exposed to attacks.
What does this mean for you as a site owner? Staying on the lookout for the latest reports on what is happening in the WordPress world is one way of cushioning yourself from imminent attacks. You also need to keep tabs on updated plugin versions, because developers are always working on strengthening their plugins' security. Moreover, you can use bug-tracking WordPress plugins for timely reports on any prevailing bugs.
ThemeGrill Demo Importer
Back to the bug: a report by WebARX back in February pointed out that ThemeGrill Demo Importer was found to have flaws. The plugin is usually used by WordPress admins or site owners to import themes and widgets for site customization. At the time the bug was reported, more than 200,000 sites were at risk of being wiped out by hackers. The plugin had a vulnerability that hackers could manipulate to give themselves admin privileges.
The plugin would execute some administrative functions without properly authenticating the user running them. That gives anyone with access to the site the same privileges as the admin (they can post images and other content on the site). Worse, a targeted website or blog could have its database wiped out within a moment. Once hackers have gained total control of an affected site, it becomes difficult to get the site back unless you give in to their demands (which is mostly the case).
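To make the missing check concrete, here is an added example (not ThemeGrill's code and not from the original report) of a privileged plugin action before and after it is gated on the caller's identity. All `myplugin_*` names, the `myplugin_settings` option and the choice of the `admin_init` hook are assumptions made for illustration.

```php
<?php
// Added illustration; every myplugin_* name is hypothetical.

// BEFORE: the handler trusts the hook. WordPress fires admin_init for
// wp-admin/admin-ajax.php as well, including for logged-out visitors,
// so running inside this hook proves nothing about who sent the request.
function myplugin_reset_unsafe() {
    if ( isset( $_GET['myplugin_reset'] ) ) {
        delete_option( 'myplugin_settings' ); // privileged action, no checks
    }
}
// Deliberately left unregistered:
// add_action( 'admin_init', 'myplugin_reset_unsafe' );

// AFTER: the same action, gated on authorization and on intent.
function myplugin_reset_safe() {
    if ( ! isset( $_GET['myplugin_reset'] ) ) {
        return;
    }

    // 1. Authorization: current_user_can() is false for logged-out
    //    visitors and for users without the administrator capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to reset these settings.', '', array( 'response' => 403 ) );
    }

    // 2. Intent: the request must carry a nonce minted for this exact
    //    action; check_admin_referer() ends the request if it is
    //    missing or invalid, which blocks forged cross-site requests.
    check_admin_referer( 'myplugin_reset', '_wpnonce' );

    delete_option( 'myplugin_settings' );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
add_action( 'admin_init', 'myplugin_reset_safe' );

// The admin screen links to the action through a URL that embeds the nonce.
function myplugin_reset_url() {
    return wp_nonce_url( admin_url( 'index.php?myplugin_reset=1' ), 'myplugin_reset' );
}
```

When reviewing a plugin, any handler that changes or deletes data without both a capability check and a nonce check is worth flagging.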
As for how to overcome such mishaps, a VPN could come in handy. This review for Windscribe limited could get you started on the kind of VPN you need to invest in. How do VPNs fit into this narrative? Some VPNs come with features that let you see real-time user traffic, which makes it easy to detect any unusual activity on your site. You do, however, need to test a VPN for leaks, as not all VPNs on the market guarantee total protection.
Other WordPress Plugin Bugs

Away from ThemeGrill Demo Importer, some other plugins were found with bugs too. The following plugins had bugs that allowed anyone to inject executable code into a site and take up administrative roles:
- Snippets Plugin
- GDPR Cookie Consent Plugin
- InfiniteWP plugin
In conclusion, from the look of things, it is evident that WordPress will always be a target for exploitative parties. For that reason, WordPress admins need to play their part well in protecting their sites (use trusted VPNs, update plugins, use antivirus software) at all costs; otherwise, the consequences will be felt.



