Themegrill: >> Themegrill Demo Importer >> 1.5.6 Security Vulnerabilities
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
CVSS Score
9.1
EPSS Score
0.473
Published
2021-05-05
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-05-05