Lucene search
K

75 matches found

Qualys Blog
Qualys Blog
added 2020/01/24 4:0 p.m.110 views

WordPress Database Reset Plugin Vulnerability (CVE-2020-7047, CVE-2020-7048)

A vulnerability recently disclosed by Wordfence and published as CVE-2020-7047 and CVE-2020-7048 allows an attacker to take over vulnerable WordPress-based websites. Functionality in the WP Database Reset plugin introduced the vulnerability, which allows any unauthenticated user to reset any tabl...

6.5CVSS9.2AI score0.22928EPSS
Exploits4
OpenVAS
OpenVAS
added 2020/01/24 12:0 a.m.96 views

WordPress Database Reset Plugin <= 3.1 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113630";...

9.9CVSS9.1AI score0.02463EPSS
Exploits2References4
CNVD
CNVD
added 2020/01/19 12:0 a.m.3 views

WordPress WP Database Reset Elevation of Privilege Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP Database Reset is a database reset plugin used in it. A security vulnerability exists in WordPress WP Database Reset 3.1 and earlier...

9.9CVSS6.6AI score0.02463EPSS
Exploits2References1
CNVD
CNVD
added 2020/01/19 12:0 a.m.7 views

Unspecified Vulnerability in WordPress WP Database Reset

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP Database Reset is a database reset plugin used in it. An unspecified vulnerability exists in WordPress WP Database Reset. An attacke...

9.1CVSS6.7AI score0.22928EPSS
Exploits2References1
OSV
OSV
added 2020/01/16 9:15 p.m.3 views

CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...

8.8CVSS7.3AI score0.02463EPSS
Exploits2References3
OSV
OSV
added 2020/01/16 9:15 p.m.4 views

CVE-2020-7048

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state deleting all site content stored in that table, as demonstrated by a wp-admin/admin-post.php?db-reset-tables=comments...

9.1CVSS7.2AI score0.22928EPSS
Exploits2References3
NVD
NVD
added 2020/01/16 9:15 p.m.20 views

CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...

9.9CVSS9.1AI score0.02463EPSS
Exploits2References3
Prion
Prion
added 2020/01/16 9:15 p.m.12 views

Design/Logic Flaw

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...

6.5CVSS8.6AI score0.02463EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/01/16 8:37 p.m.15 views

CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...

9.9CVSS8.8AI score0.02463EPSS
Exploits2References3
CVE
CVE
added 2020/01/16 8:35 p.m.131 views

CVE-2020-7048

The CVE describes a vulnerability in the WordPress WP Database Reset plugin (versions up to 3.1; fixed in later releases, with guidance noting upgrade to at least 3.15). Root cause: an unauthenticated user can trigger a database-table reset via the admin-post.php endpoint (db-reset-tables[] param...

9.1CVSS9AI score0.22928EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2020/01/16 12:0 a.m.14 views

WordPress WP Database Reset plugin <= 3.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by WordFence in WordPress WP Database Reset plugin versions = 3.1. Solution Update the WordPress WP Database Reset plugin to the latest available version at least 3.15...

9.9CVSS3.4AI score0.02463EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2020/01/16 12:0 a.m.23 views

WP Database Reset < 3.15 - Privilege Escalation

This flaw "allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request." Login as a subscriber then send the following request:...

6.5CVSS1.9AI score0.02463EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2020/01/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...

9.9CVSS7.3AI score0.02463EPSS
Exploits2References1
n0where
n0where
added 2018/04/26 5:28 p.m.29 views

Web Pen-Test Practice Application: OWASP Mutillidae

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/09/15 12:0 a.m.28 views

DVWA Cross Site Request Forgery

//document.getElementById"loader".innerHTML = 'Loading...'; var one = "createdb":'whatever'; var two = "username":"admin","password":"password","Login":"Login"; var three = "security":"low","seclevsubmit":"Submit"; //windows opens calculator; change this to whatever your desire var four =...

0.9AI score
Exploits0
Rows per page
Query Builder