The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/wordpress-database-reset/#developers | Release Notes Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10027 | Third Party Advisory |
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/ | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-16T20:35:15
Updated: 2020-01-16T20:35:41
Reserved: 2020-01-14T00:00:00
Link: CVE-2020-7048
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-16T21:15:12.350
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-7048
JSON object: View
Redhat Information
No data.
CWE