WordPress Plugin Vulnerabilities

WP Database Reset < 3.15 - Unauthenticated Database Reset

Description

This flaw "allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state."

Proof of Concept

Affects Plugins

Plugin icon
wordpress-database-reset
Fixed in 3.15

References

CVE
CVE-2020-7048
URL
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.1 (critical)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://www.wordfence.com/
Submitter twitter
infosecchloe
Verified
No
WPVDB ID
8cb84b6c-f0cd-410d-8a85-90c031dea2c8

Timeline

Publicly Published
2020-01-16 (about 6 years ago)
Added
2020-01-16 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-03-19
Title
All-in-One WP Migration < 2.0.5 - Unauthenticated Database Export
Published
2016-07-03
Title
Advanced Ajax Page Loader < 2.7.7 - Unauthenticated Uploaded File Disclosure
Published
2023-11-23
Title
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
Published
2025-11-04
Title
KiotViet Sync <= 1.8.5 - Authorization Bypass via Use of Hard-coded Password
Published
2023-04-11
Title
Web Stories < 1.32 - Author+ Auth Bypass