Flaw in ThemeGrill plugin lets attackers wipe sites clean and possibly take them over.
Dan Goodin - 2/18/2020
Hackers are actively exploiting a critical WordPress plugin vulnerability that allows them to completely wipe all website databases and, in some cases, seize complete control of affected sites.
The flaw is in the ThemeGrill Demo Importer installed on some 100,000 sites, and it was disclosed over the weekend by Website security company WebARX. By Tuesday, WebArx reported that the flaw was under active exploit with almost 17,000 attacks blocked so far. Hanno Böck, a journalist who works for Golem.de, had spotted active attacks several hours before and reported them on Twitter.