Privilege Escalation Flaw in WP Database Reset Plugin by WordPress
CVE-2020-7047

9.9CRITICAL

Key Information:

Vendor
Wordpress
Status
WP Database Reset
Vendor
CVE Published:
16 January 2020

Summary

The WP Database Reset plugin for WordPress, up to version 3.1, allows any authenticated user, even with minimal permissions, to escalate their privileges to administrator. This vulnerability can be exploited with a straightforward request, leading to potential unauthorized access and dropping all other users from the database table, causing significant disruptions and security risks.

References

https://wordpress.org/plugins/wordpress-database-reset/#d...
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/10028
x_refsource_MISC
https://www.wordfence.com/blog/2020/01/easily-exploitable...
x_refsource_MISC

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.