Description

WordPress Plugin WP Database Reset is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently reset any table from the database to the initial WordPress set-up state, or grant their account administrative privileges. WordPress Plugin WP Database Reset version 3.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.15 or latest

References

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

https://plugins.svn.wordpress.org/wordpress-database-reset/trunk/readme.txt

Related Vulnerabilities

Oracle Database Server CVE-2016-0499 Vulnerability (CVE-2016-0499)

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.5)

Oracle Database Server CVE-2006-5345 Vulnerability (CVE-2006-5345)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2011-1928)

WordPress Plugin Login by Auth0 Cross-Site Scripting (3.11.2)

Severity

High

Classification

CVE-2020-7047 CVE-2020-7048 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass