75 matches found
WordPress Database Reset Plugin Vulnerability (CVE-2020-7047, CVE-2020-7048)
A vulnerability recently disclosed by Wordfence and published as CVE-2020-7047 and CVE-2020-7048 allows an attacker to take over vulnerable WordPress-based websites. Functionality in the WP Database Reset plugin introduced the vulnerability, which allows any unauthenticated user to reset any tabl...
WordPress Database Reset Plugin <= 3.1 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113630";...
WordPress WP Database Reset Elevation of Privilege Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP Database Reset is a database reset plugin used in it. A security vulnerability exists in WordPress WP Database Reset 3.1 and earlier...
Unspecified Vulnerability in WordPress WP Database Reset
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP Database Reset is a database reset plugin used in it. An unspecified vulnerability exists in WordPress WP Database Reset. An attacke...
CVE-2020-7047
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
CVE-2020-7048
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state deleting all site content stored in that table, as demonstrated by a wp-admin/admin-post.php?db-reset-tables=comments...
CVE-2020-7047
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
Design/Logic Flaw
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
CVE-2020-7047
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
CVE-2020-7048
The CVE describes a vulnerability in the WordPress WP Database Reset plugin (versions up to 3.1; fixed in later releases, with guidance noting upgrade to at least 3.15). Root cause: an unauthenticated user can trigger a database-table reset via the admin-post.php endpoint (db-reset-tables[] param...
WordPress WP Database Reset plugin <= 3.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by WordFence in WordPress WP Database Reset plugin versions = 3.1. Solution Update the WordPress WP Database Reset plugin to the latest available version at least 3.15...
WP Database Reset < 3.15 - Privilege Escalation
This flaw "allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request." Login as a subscriber then send the following request:...
VulnCheck KEV: CVE-2020-7047
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
Web Pen-Test Practice Application: OWASP Mutillidae
OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...
DVWA Cross Site Request Forgery
//document.getElementById"loader".innerHTML = 'Loading...'; var one = "createdb":'whatever'; var two = "username":"admin","password":"password","Login":"Login"; var three = "security":"low","seclevsubmit":"Submit"; //windows opens calculator; change this to whatever your desire var four =...