• Resolved mauldincultural

    (@mauldincultural)


    Our website was hacked due to the recent flaw with the ThemeGrill Demo Importer (more info: https://securityaffairs.co/wordpress/98032/hacking/themegrill-demo-importer-wordpress-flaw.html). All of our pages were deleted and we could not log into our administrative panel. We worked with our site host to successfully retrieve everything, and we updated the theme to 1.6.2, which we believed would fix the issue. However, this morning our site was down again. Our host was able to retrieve it again, but confirmed it was still an issue with our theme (Spacious). We’ve upgraded it to 1.6.3, changed all our passwords, and deleted the admin account, but we deactivated it for fear that this will happen again. Have you all addressed the issue completely, or is this still ongoing?


Viewing 16 replies (of 16 total)
  • Today, I installed the plugin and the Spacious Store demo. My antivirus immediately notified me that my site was infected. It was only when trying to confirm that it was something to do with ThemeGrill/Spacious that I found this thread about a serious vulnerability that appeared in the demo importer almost a year ago.

    My antivirus detected that my site tried to make a connection with oops . wpsandbox . io, which is infected with URL:Blacklist.

    If this is a new issue, then that makes it at least two in 11 months. That suggests that ThemeGrill’s development process is flawed and it is too risky to use their code. Fortunately, my site is new and I can simply delete everything. Unfortunately, this cost me some valuable time.

    • This reply was modified 3 years, 10 months ago by shahmatwu.
  • The topic ‘ThemeGrill Demo Importer’ is closed to new replies.