10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin

On November 27th, 2025, we received a submission for a Site Reset and Privilege Escalation vulnerability in Demo Importer Plus, a WordPress plugin with more than 10,000 active installations. This vulnerability can be leveraged to trigger a full site reset and assign the administrator role to the attacker’s account.

Props to shark3y who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $195.00 for this discovery. Our mission is to secure WordPress through defense in depth, which is why we are investing in quality vulnerability research and collaborating with researchers of

Click here to continue reading this article.

István Márton

Author archive

January 8, 2026

Plugins, Research, Vulnerabilities, WordPress Blogs, WordPress Plugin Vulnerability News January 2026, WordPress Security, WordPress Security News January 2026

Comments are closed.

Up ↑

Your WordPress News Dashboard

10,000 WordPress Sites Protected Against Site Reset and Privilege Escalation Vulnerability in Demo Importer Plus WordPress Plugin

István Márton

Latest posts

Text widget

Sponsored by WP Mayor

Latest posts

Built with WP RSS Aggregator