ThemeGrill Demo Importer for WordPress has been updated to remove a critical bug that gives admin privileges to unauthenticated users. The vulnerability is present on more than 200,000 WordPress sites. The plugin is used for easy import of WordPress theme demo content, widgets, and settings. The bug is present in plugin versions 1.3.4 up to 1.6.1. The most popular active versions are 1.4 through 1.6, which account for more than 98% of current installations.
Source: https://www.bleepingcomputer.com/news/security/unsafe-wordpress-plugin-installed-on-nearly-200-000-sites/

