ThemeGrill plugin with over 200,000 active installations contains severe but easy-to-exploit software vulnerability. Unauthenticated remote attackers could be able to wipe entire database of targeted websites to its default state. The vulnerability affects plugin version 1.3.4 up to 1.6.1, all released in the last 3 years. Vulnerability has been reported by WebARX security company, who released a patched version of the plugin on February 16. The plugin is available for free as well as premium themes sold by the software development company Themegrill.
Source: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html