Description

WordPress Plugin WP Database Reset is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently reset any table from the database to the initial WordPress set-up state, or grant their account administrative privileges. WordPress Plugin WP Database Reset version 3.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.15 or latest

References

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

https://plugins.svn.wordpress.org/wordpress-database-reset/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Follow Me Cross-Site Request Forgery (3.1.1)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2889)

WordPress Plugin Custom Login Cross-Site Scripting (3.2)

Perl Numeric Errors Vulnerability (CVE-2013-7422)

WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0)

Severity

High

Classification

CVE-2020-7047 CVE-2020-7048 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass