PT-2020-19356 · WordPress · Wp Database Reset

Chloe Chamberland · Published 2020-01-16 · Updated 2021-07-21 · CVE-2020-7048

CVSS v3.1: 9.1 Critical

Vector: AC:L/AV:N/A:H/C:N/I:H/PR:N/S:U/UI:N
Name of the Vulnerable Software and Affected Versions

WP Database Reset versions 3.1 and earlier

Description

The issue allows any unauthenticated user to reset any table in the database to the initial WordPress set-up state, resulting in the deletion of all site content stored in that table. The URI "wp-admin/admin-post.php?db-reset-tables[]=comments" demonstrates the flaw.

Recommendations

For WP Database Reset versions 3.1 and earlier, update to a version that contains a fix for this issue to prevent unauthorized database resets.
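
A log check for the request described above, as an added example that is not part of the original advisory: it scans web server access log lines for requests to admin-post.php that carry the db-reset-tables parameter. The combined log format, the function name find_reset_requests and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request part of a combined-format access log line: "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

RESET_PARAM = "db-reset-tables"          # parameter named in the advisory's URI
ENDPOINT = "/wp-admin/admin-post.php"    # endpoint named in the advisory's URI


def find_reset_requests(lines):
    """Return (ip, status, tables) for each request matching the advisory's URI."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access log line in the assumed format
        url = urlsplit(m["target"])
        # WordPress may be installed in a subdirectory, so match the path suffix.
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qsl percent-decodes keys, so db-reset-tables%5B%5D is caught too.
        tables = [v for k, v in parse_qsl(url.query, keep_blank_values=True)
                  if k.split("[", 1)[0] == RESET_PARAM]
        if tables:
            hits.append((m["ip"], int(m["status"]), tables))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jan/2020:10:01:02 +0000] "GET /wp-admin/admin-post.php?db-reset-tables[]=comments HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [17/Jan/2020:10:01:05 +0000] "GET /blog/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [17/Jan/2020:10:02:00 +0000] "POST /wp-admin/admin-post.php?action=contact_form HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [17/Jan/2020:10:03:00 +0000] "GET /index.php?s=db-reset-tables HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, tables in find_reset_requests(SAMPLE_LOG):
        print(f"{ip} status={status} tables={tables}")
```

Parameters sent in a request body are not recorded in access logs, so this check covers only the query-string form shown in the description.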

Exploit

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2020-7048

Affected Products

Wp Database Reset