CVE-2020-7048

Published: Jan 16, 2020Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

Affected (1)

Products: Webfactoryltd: Wp Database Reset

1 product

Wp Database Reset

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webfactoryltd Wp Database Reset	Up to 3.1

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

https://wordpress.org/plugins/wordpress-database-reset/#developers

Source: cve@mitre.org

Release NotesThird Party Advisory

https://wpvulndb.com/vulnerabilities/10027

Source: cve@mitre.org

Third Party Advisory

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://wordpress.org/plugins/wordpress-database-reset/#developers

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://wpvulndb.com/vulnerabilities/10027

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.