Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
References
Link | Resource |
---|---|
https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability | Third Party Advisory |
https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/ | Exploit Third Party Advisory |
https://wpreset.com/changelog/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Patchstack
Published: 2021-11-10T00:00:00
Updated: 2021-11-18T14:41:05
Reserved: 2021-07-19T00:00:00
Link: CVE-2021-36909
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-18T15:15:09.893
Modified: 2022-10-27T17:00:00.577
Link: CVE-2021-36909
JSON object: View
Redhat Information
No data.