WordPress Plugin Vulnerabilities

WP Reset Pro < 5.99 - Database Reset via CSRF

Description

The plugin does not have CSRF check when resetting the database, which could allow attacker to make logged in users reset it

Note: This affect only the pro version of the plugin, however both the free and pro have the same slug.

Affects Plugins

Plugin icon
wp-reset
Fixed in 5.99

References

CVE
CVE-2021-36908

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
9.6 (critical)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
0349b131-58d3-4596-82bc-6705b5ec962f

Timeline

Publicly Published
2021-11-10 (about 4 years ago)
Added
2021-11-18 (about 4 years ago)
Last Updated
2022-04-08 (about 4 years ago)

Other

Published
Title
Published
2025-01-16
Title
WP Cookies Alert <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-03-29
Title
Slugs Manager < 2.7.0 - Cross-Site Request Forgery
Published
2025-01-20
Title
AnyRoad <= 1.3.2 - Cross-Site Request Forgery
Published
2015-09-07
Title
Contact Form Generator < 2.5.5 - Multiple Cross-Site Request Forgery (CSRF)
Published
2023-02-20
Title
Starter Templates <= 3.1.20 - Settings Update via CSRF