PT-2020-19355 · WordPress · Wp Database Reset

Published

2020-01-16

Updated

2020-01-24

CVE-2020-7047

CVSS v3.1

9.9

Critical

Vector

AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions WP Database Reset versions 3.1 and earlier

Description The issue allows any authenticated user with minimal permissions to escalate their privileges to administrator by sending a request to the "wp-admin/admin.php?db-reset-tables[]=users" API endpoint, resulting in the removal of all other users from the table.

Recommendations For WP Database Reset versions 3.1 and earlier, update to a version that contains a fix for this issue to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2020-7047

Affected Products

Wp Database Reset

PT-2020-19355 · WordPress · Wp Database Reset

CVE-2020-7047

Weakness Enumeration

Related Identifiers

Affected Products

References · 5