Description
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
Published: 2026-04-15
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access / Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the ThemeGrill Demo Importer WordPress plugin that allows an attacker to exploit incorrectly configured access control levels and perform administrative actions within the plugin without proper authentication, potentially exposing sensitive data or enabling further exploitation.

Affected Systems

ThemeGrill Demo Importer plugin for WordPress, all versions up to and including 2.0.0.6. The affected software is distributed under the name ThemeGrill Demo Importer; no additional version details beyond the upper bound are provided.

Risk and Exploitability

The CVE does not list an EPSS score or inclusion in the CISA KEV catalog, indicating that exploitation trends are not known to be widespread. Based on the description, it is inferred that an attacker can access the plugin’s import endpoint by sending a crafted HTTP request directly to the import URL or by submitting a form within the WordPress administrative interface. Because the flaw requires no authentication, any actor who can reach the affected site—whether authenticated or not—could trigger the import action and gain access to administrative capabilities. The missing authorization control (CWE-862) represents a high-impact security weakness that can lead to full privilege escalation on the WordPress installation.

Generated by OpenCVE AI on April 15, 2026 at 11:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ThemeGrill Demo Importer to a version newer than 2.0.0.6.
  • Restrict the visibility of the plugin’s import triggers so that only administrators or trusted roles in WordPress can access the Importer functions, ensuring other user roles cannot reach the import page.
  • Implement network-level hardening such as a Web Application Firewall to block unauthorized or suspicious requests to the plugin’s import endpoints.

Generated by OpenCVE AI on April 15, 2026 at 11:52 UTC.
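As an added illustration of the weakness class behind this record (CWE-862, missing authorization), and of the "only administrators can reach the importer" remediation above: a generic WordPress admin-post import handler with no authorization check, beside the same handler guarded by a capability check and a nonce. This is not the ThemeGrill Demo Importer's code, which the record does not show; the action name, function names and the import routine are hypothetical placeholders.

```php
<?php
// Added illustration, not the plugin's own code. Every "example_*" name,
// the "example_run_import" action and the import routine are hypothetical.

// Stand-in for the real import routine; only records which demo was imported.
function example_do_import( $demo ) {
    update_option( 'example_last_import', sanitize_key( $demo ) );
}

// VULNERABLE PATTERN (CWE-862): the handler never asks who the caller is.
// admin-post.php only requires a logged-in user for the non-"nopriv" hook, so
// any authenticated role could fire it, and registering the "nopriv" hook as
// well (shown commented out below) would expose it to unauthenticated requests.
function example_run_import_unchecked() {
    example_do_import( sanitize_text_field( wp_unslash( $_POST['demo'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-importer' ) );
    exit;
}
// add_action( 'admin_post_example_run_import',        'example_run_import_unchecked' );
// add_action( 'admin_post_nopriv_example_run_import', 'example_run_import_unchecked' );

// HARDENED PATTERN: authorization first (capability), then CSRF protection
// (nonce), and no "nopriv" registration at all.
function example_run_import_checked() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to run the importer.', 'example' ), 403 );
    }
    check_admin_referer( 'example_run_import', '_example_nonce' );
    example_do_import( sanitize_text_field( wp_unslash( $_POST['demo'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-importer' ) );
    exit;
}
add_action( 'admin_post_example_run_import', 'example_run_import_checked' );

// The admin page form that triggers the import carries the matching nonce field;
// hiding the button from other roles is not enough, the handler must check.
function example_render_import_button() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_run_import">';
    wp_nonce_field( 'example_run_import', '_example_nonce' );
    echo '<input type="hidden" name="demo" value="sample">';
    submit_button( 'Import demo' );
    echo '</form>';
}
```

The capability check is the fix for the missing-authorization class; the nonce alone would not be, since a nonce only proves the request originated from a form the same user loaded, not that the user is allowed to run the action.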

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 13:45:00 +0000

Type                 | Values Removed | Values Added
First Time appeared  |                | Themegrill; Themegrill themegrill Demo Importer; Wordpress; Wordpress wordpress
Vendors & Products   |                | Themegrill; Themegrill themegrill Demo Importer; Wordpress; Wordpress wordpress

Wed, 15 Apr 2026 10:45:00 +0000

Type        | Values Removed | Values Added
Description |                | Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
Title       |                | WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability
Weaknesses  |                | CWE-862
References  |                |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-15T10:21:33.831Z

Reserved: 2026-04-15T09:19:28.916Z

Link: CVE-2026-40730

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-15T11:16:35.807

Modified: 2026-04-15T11:16:35.807

Link: CVE-2026-40730

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T13:44:58Z

Weaknesses