Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin

ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes.

Researchers at web security company WebARX recently discovered that versions 1.3.4 through 1.6.1 of the plugin are affected by a critical vulnerability that allows an unauthenticated attacker to wipe the entire database of a WordPress website. The researchers believe the flaw has existed for the past 3 years.
