CVE-2020-36333
Published: 2021-05-05
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
Priority: P1 (82) · critical · 9.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:H
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 3.43% (87.4th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themegrill | themegrill_demo_importer | < 1.6.2 | 1.6.2 |
Detection & IOCs (extracted from sources)
Path: /plugins/themegrill-demo-importer
- HTTP GET request to /wp-admin/admin-post.php with the do_reset_wordpress=1 parameter (no authentication required) triggers the database wipe.
- Successful exploitation returns an HTTP 302 redirect with both 'wordpress_logged_in_' and 'reset=true' present in the response headers, and an empty body.
- The vulnerable hook is reset_wizard_actions; monitor WordPress action hooks for unauthenticated calls to this hook.
- After successful exploitation, the attacker is automatically logged in as administrator; look for unexpected admin session cookies (wordpress_logged_in_*) immediately following a reset=true redirect.
- Note: the vulnerability only affects ThemeGrill Demo Importer versions 1.3.4 through 1.6.1 (inclusive); versions below 1.3.4 and 1.6.2+ are not affected.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
| vulncheck | | 9.1 | CRITICAL | |
GHSA
GHSA-3q59-p3w9-wv54: themegrill-demo-importer before 1
ghsa_unreviewed · 2022-05-24 · CVE-2020-36333 [CRITICAL] · CWE-306
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
VulnCheck
themegrill themegrill_demo_importer Missing Authentication for Critical Function
vulncheck · 2020 · CVSS 9.1 · CVE-2020-36333 [CRITICAL]
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
Affected: themegrill themegrill_demo_importer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/articles/critical-issue-in-themegrill-demo-importer/
No detection rules found.
Nuclei
ThemeGrill Demo Importer < 1.6.2 - Database Reset
nuclei · CVSS 9.1 · CVE-2020-36333 [CRITICAL]
ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a reset_wizard_actions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state, after which they are automatically logged in as an administrator.
Template (info block as indexed; the description is completed from the summary above):

```yaml
id: CVE-2020-36333

info:
  name: ThemeGrill Demo Importer < 1.6.2 - Database Reset
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a reset_wizard_actions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator.
```
No writeups or analysis indexed.