CVE-2026-40730
Published 2026-04-15
CVE-2026-40730: Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control…
Priority P4 · 28 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.19% (9.4th percentile)
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themegrill | themegrill_demo_importer | <= 2.0.0.6 | — |
GHSA
GHSA-r489-83w6-974f: Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Co
ghsa_unreviewed · 2026-04-21
CVE-2026-40730 [MEDIUM] CWE-862 GHSA-r489-83w6-974f: Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Co
VulDB
ThemeGrill Demo Importer Plugin up to 2.0.0.6 on WordPress authorization
vuldb · 2026-04-15
CVE-2026-40730 [CRITICAL] ThemeGrill Demo Importer Plugin up to 2.0.0.6 on WordPress authorization
A vulnerability classified as critical was found in ThemeGrill Demo Importer Plugin up to 2.0.0.6 on WordPress. This affects an unknown part. Executing a manipulation can lead to missing authorization.
This vulnerability is registered as CVE-2026-40730. It is possible to launch the attack remotely. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.