CVE-2026-40730
Received Received - Intake
Missing Authorization in ThemeGrill Demo Importer Allows Unauthorized Access

Publication date: 2026-04-15

Last updated on: 2026-04-21

Assigner: Patchstack

Description
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40730
EUVD
EUVD-2026-22887
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
themegrill themegrill_demo_importer to 2.0.0.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the Missing Authorization vulnerability in ThemeGrill Demo Importer affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-40730 is a Broken Access Control vulnerability in the WordPress ThemeGrill Demo Importer Plugin versions up to and including 2.0.0.6.

This issue arises from missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that require higher privileges.

The vulnerability is classified under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

This vulnerability allows unauthenticated users to perform actions that normally require higher privileges, potentially leading to unauthorized changes or access within the affected WordPress plugin.

Although the CVSS score is 5.3, indicating a low severity impact, such vulnerabilities are often exploited in mass campaigns targeting many websites indiscriminately.

Exploitation requires no privileges, which emphasizes the importance of timely patching to prevent unauthorized access or actions.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the ThemeGrill Demo Importer plugin to version 2.0.0.7 or later, where the issue has been patched.

Since the vulnerability requires no privileges to exploit, timely patching is critical to prevent unauthorized actions.

Additionally, using automated update tools such as those offered by Patchstack can help ensure rapid vulnerability mitigation.

Detection Guidance

This vulnerability is a Broken Access Control issue in the ThemeGrill Demo Importer WordPress plugin versions up to 2.0.0.6, caused by missing authorization checks allowing unauthenticated users to perform privileged actions.

Detection typically involves checking the plugin version installed on your WordPress site to see if it is 2.0.0.6 or earlier, as these versions are vulnerable.

You can detect the vulnerable plugin version by running commands to list installed WordPress plugins and their versions, for example:

  • Using WP-CLI: wp plugin list --status=active
  • Manually checking the plugin's readme or main PHP file in the wp-content/plugins/themegrill-demo-importer directory for the version number.

Additionally, monitoring HTTP requests to the plugin's endpoints for unauthorized access attempts or unusual activity could help identify exploitation attempts, but specific commands or signatures are not provided.

The recommended mitigation is to update the plugin to version 2.0.0.7 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40730. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart