
CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

• https://github.com/ElmouradiAmine/CVE-2020-7048
• https://wordpress.org/plugins/wordpress-database-reset/#developers
• https://wpvulndb.com/vulnerabilities/10027
• https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin

• CWE-287: Improper Authentication
• CWE-306: Missing Authentication for Critical Function

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 1

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

• https://wordpress.org/plugins/wordpress-database-reset/#developers
• https://wpvulndb.com/vulnerabilities/10028
• https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin

• CWE-269: Improper Privilege Management