4 matches found
CVE-2020-36852 Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including, 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazale_sds_delete_entries_table_row function. This makes it possible for...
CVE-2020-36852
The WordPress plugin Custom Searchable Data Entry System (versions ≤ 1.7.1) is vulnerable to unauthenticated database wiping due to a missing capability check and inadequate validation in ghazale_sds_delete_entries_table_row(). This allows unauthenticated attackers to wipe tables (e.g., wp_users)...
CVE-2020-36333
ThemeGrill Demo Importer prior to 1.6.2 is vulnerable via a reset_wizard_actions hook that allows unauthenticated users to wipe the entire WordPress database. The issue affects versions 1.3.4 through 1.6.1, enabling a full database reset to default state and automatic administra...
CVE-2020-36333
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook...