cbcvebase.

Webfactoryltd Wp Database Reset vulnerabilities

3 known vulnerabilities affecting webfactoryltd/wp_database_reset.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2020-7047P2HIGHCVSS 8.8Exploited≤ 3.12020-01-16
CVE-2020-7047 [HIGH] CWE-269 CVE-2020-7047: The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated use The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.
nvd
CVE-2020-7048P2CRITICALCVSS 9.1≤ 3.12020-01-16
CVE-2020-7048 [CRITICAL] CWE-306 CVE-2020-7048: The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticate The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.
nvd
CVE-2024-1501P4MEDIUMCVSS 4.7fixed in 3.232024-02-21
CVE-2024-1501 [MEDIUM] CWE-352 CVE-2024-1501: The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site adminis
nvd
Webfactoryltd Wp Database Reset vulnerabilities | cvebase