Themegrill Demo Importer vulnerabilities
4 known vulnerabilities affecting themegrill/themegrill_demo_importer.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-36333 | P1 | CRITICAL | CVSS 9.1 | CWE-306 | Exploited | PoC | fixed in 1.6.2 | 2021-05-05
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
nvd
CVE-2020-36837 | P1 | CRITICAL | CVSS 9.9 | CWE-862 | Exploited | ≥ 1.3.4, ≤ 1.6.1 | 2024-10-16
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become
nvd
CVE-2020-36334 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 1.6.3 | 2021-05-05
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
nvd
CVE-2026-40730 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 2.0.0.6 | 2026-04-15
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
nvd