CVE-2020-7048
published 2020-01-16
CVE-2020-7048: The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial…
Priority: P260 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 22.93% (97.5th percentile)
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webfactoryltd | wp_database_reset | <= 3.1 | — |
Detection & IOCs
- Detect exploit attempts by matching request path containing 'admin' AND query string containing 'db-reset-tables'
- Qualys WAS QID 150274 provides passive detection of the vulnerable WP Database Reset plugin
- No authentication is required to trigger the vulnerability — monitor for unauthenticated POST requests to admin-post.php with db-reset-tables parameter
- Vulnerability affects WP Database Reset plugin versions prior to 3.15 only
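The first detection rule above (path containing 'admin' AND query string containing 'db-reset-tables'), applied to web server access logs. This is an added example, not code from the sources quoted on this page; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request portion of a combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
PARAM = "db-reset-tables"  # parameter name from the CVE description


def is_reset_attempt(target):
    """True when the path contains 'admin' and the decoded query names db-reset-tables."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    # Decode twice so percent-encoded and double-encoded names still match.
    query = unquote(unquote(parts.query)).lower()
    return "admin" in path and PARAM in query


def scan(lines):
    """Return (ip, method, status, target) for every log line matching the rule."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_reset_attempt(m.group("target")):
            hits.append((m.group("ip"), m.group("method"),
                         int(m.group("status")), m.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jan/2020:10:01:02 +0000] "GET /wp-admin/admin-post.php?db-reset-tables[]=comments HTTP/1.1" 200 0 "-" "curl/7.68.0"',
    '198.51.100.23 - - [17/Jan/2020:10:02:10 +0000] "POST /wp-admin/admin-post.php?db-reset-tables%5B%5D=posts HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.44 - - [17/Jan/2020:10:03:00 +0000] "GET /wp-admin/admin-post.php?action=export HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [17/Jan/2020:10:04:00 +0000] "GET /blog/?s=db-reset-tables HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, method, status, target in scan(SAMPLE_LOG):
        print(f"{ip} {method} {status} {target}")
```

Access logs record only the query string, so a request that carries the parameter in a POST body needs WAF or application-level logging to be seen.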
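CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |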
No detection rules found.
No public exploits indexed.
Qualys
WordPress Database Reset Plugin Vulnerability (CVE-2020-7047, CVE-2020-7048) | Qualys
blogs_qualys·2020-01-24·CVSS 8.8
CVE-2020-7047 [HIGH] WordPress Database Reset Plugin Vulnerability (CVE-2020-7047, CVE-2020-7048) | Qualys
A vulnerability recently disclosed by Wordfence and published as CVE-2020-7047 and CVE-2020-7048 allows an attacker to take over vulnerable WordPress-based websites.
Functionality in the WP Database Reset plugin introduced the vulnerability, which allows any unauthenticated user to reset any table in the database to its initial state when it was installed, deleting all the content in the database.
Details about the vulnerability can be found at CVE-2020-7047 and CVE-2020-7048.
It is also possible for an attacker to completely take over the target application. Given that all the data can be deleted from the database, an attacker can delete the designated WordPress admin and take over the role and become administrator of the website.
The vulnerability affects the WordPress Database Reset
- https://wordpress.org/plugins/wordpress-database-reset/#developers
- https://wpvulndb.com/vulnerabilities/10027
- https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
2020-01-16
Published