Unauthenticated Database Reset Vulnerability in ThemeGrill Demo Importer
CVE-2020-36333

9.1CRITICAL

Key Information:

Vendor: Themegrill
Status: Themegrill Demo Importer
Vendor: CVE Published:; 5 May 2021

What is CVE-2020-36333?

A significant security issue exists in ThemeGrill Demo Importer versions prior to 1.6.2, allowing unauthorized users to wipe the database without the need for authentication. This vulnerability is linked to the reset_wizard_actions hook, which can be exploited to compromise site integrity. Implement corrective measures by updating to the latest version to mitigate risks associated with this vulnerability.

References

https://www.webarxsecurity.com/critical-issue-in-themegri...

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2020/02/19/1

x_refsource_MISC

EPSS Score

55% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2021
Vulnerability Reserved
May 5, 2021

Themegrill

What is CVE-2020-36333?

References

EPSS Score

CVSS V3.1

Timeline