Description

WordPress Plugin WP Database Reset is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently reset any table from the database to the initial WordPress set-up state, or grant their account administrative privileges. WordPress Plugin WP Database Reset version 3.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.15 or latest

References

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

https://plugins.svn.wordpress.org/wordpress-database-reset/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin WordPress Related Posts Cross-Site Request Forgery (2.6.1)

Seo Panel Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-22646)

WordPress Plugin WooCommerce PDF Invoices & Packing Slips Cross-Site Scripting (2.0.12)

WordPress Plugin Twitter Button by BestWebSoft Cross-Site Scripting (2.54)

WordPress Plugin Photoswipe Masonry Gallery Unspecified Vulnerability (1.2.17)

Severity

High

Classification

CVE-2020-7047 CVE-2020-7048 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass