Critical severity 9.9 · NVD Advisory · Published Oct 16, 2024 · Updated Apr 15, 2026
CVE-2020-36837
Description
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After the reset, if there is a user named 'admin', the attacker is automatically logged in as an administrator.
Affected products
- (no CPE) range: >=1.3.4, <=1.6.1
- (no CPE) range: 1.3.4 - 1.6.1