WordPress Plugin Bug Lets Subscribers Wipe Sites

Posted by:

|

On:

|

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media.

Posted by

in