The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for unauthenticated attackers to reset the WordPress database; afterwards, if a user named 'admin' exists, the attacker is automatically logged in as an administrator.
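The pattern behind a missing capability check, shown as an added illustrative example in PHP (this is not the plugin's own code, and the function names, the `do_demo_reset` query parameter and the `tg_demo_reset` nonce action are assumptions). The vulnerable handler trusts a request as soon as a query parameter is present; the hardened handler first checks the caller's capability, then verifies a nonce, and only then runs the privileged action.

```php
<?php
// Added illustrative example, not the ThemeGrill Demo Importer plugin's code.
// Function names, the 'do_demo_reset' parameter and the 'tg_demo_reset' nonce
// action are assumptions for illustration.

/**
 * Placeholder for the destructive operation (wiping and reinstalling the site).
 * Left as a no-op here so the example can be loaded without harming anything.
 */
function tg_demo_wipe_database_and_reinstall() {
    // Real code would drop the site's tables and rerun the installer.
}

/**
 * VULNERABLE PATTERN: the handler checks only that a request parameter is set.
 * Hooking it to admin_init is not an authorization check: admin_init also fires
 * for requests to wp-admin/admin-ajax.php, which unauthenticated visitors can
 * reach, so anyone able to send the request triggers the reset.
 */
function tg_demo_reset_vulnerable() {
    if ( empty( $_GET['do_demo_reset'] ) ) {
        return;
    }
    // No current_user_can() check and no nonce verification.
    tg_demo_wipe_database_and_reinstall();
    // Logging the requester in as a fixed account (e.g. 'admin') after the reset
    // turns an unauthenticated reset into an administrator session.
}
// add_action( 'admin_init', 'tg_demo_reset_vulnerable' ); // how the weak version would be wired

/**
 * HARDENED PATTERN: authorize the user, verify intent, then act.
 */
function tg_demo_reset_fixed() {
    if ( empty( $_GET['do_demo_reset'] ) ) {
        return;
    }
    // 1. Capability check: only users allowed to manage the site may reset it.
    //    This is the check whose absence makes the reset reachable by anyone.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to reset this site.', 'tg-demo-example' ),
            '',
            array( 'response' => 403 )
        );
    }
    // 2. Nonce check (CSRF): the request must come from the plugin's own form or
    //    link, not one planted by a third party. check_admin_referer() dies on
    //    failure, so code after it only runs for a verified request.
    check_admin_referer( 'tg_demo_reset' );

    // 3. Perform the privileged action, and never log anyone in automatically.
    tg_demo_wipe_database_and_reinstall();
}
add_action( 'admin_init', 'tg_demo_reset_fixed' );
```

When reviewing a plugin for this class of bug, look for any handler on `admin_init`, `init` or an AJAX hook that performs a state-changing action after inspecting only `$_GET`/`$_POST`; the presence of the hook says nothing about who is calling, and both `current_user_can()` and a nonce check should appear before the action.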
