VYPR

Themegrill Demo Importer

by WordPress

CVEs (4)

  • CVE-2020-36333 | Cri | May 5, 2021
    risk 0.59 | cvss 9.1 | epss 0.03

    themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.

  • CVE-2020-36837 | Cri | Oct 16, 2024
    risk 0.57 | cvss 9.9 | epss 0.01

    The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database.…

  • CVE-2026-40730 | Med | Apr 15, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.

  • CVE-2022-1538 | Jan 16, 2024
    risk 0.00 | cvss | epss 0.01

    Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.