WordPress Plugin Vulnerabilities

WP Reset Pro < 5.99 - Subscriber+ Database Reset

Description

The plugin does not have proper authorisation, allowing any authenticated users, such as subscriber, to reset the database of the blog

Note: This affect only the pro version of the plugin, however both the free and pro have the same slug.

Affects Plugins

Plugin icon
wp-reset
Fixed in 5.99

References

CVE
CVE-2021-36909

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
162b8289-8495-4b8c-979f-55df6a20bc04

Timeline

Publicly Published
2021-11-10 (about 4 years ago)
Added
2021-11-18 (about 4 years ago)
Last Updated
2022-04-08 (about 4 years ago)

Other

Published
Title
Published
2025-10-24
Title
GenerateBlocks < 2.1.2 - Contributor+ Arbitrary Options Disclosure
Published
2024-09-25
Title
Sunshine Photo Cart < 3.2.9 - Missing Authorization
Published
2026-03-20
Title
Group Chat & Video Chat by AtomChat < 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
Published
2024-02-14
Title
WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download
Published
2025-04-09
Title
WooCommerce Multilingual & Multicurrency < 5.3.9 - Unauthenticated Tax Sync Settings Update