CVSS: 9.9EPSS: 1%CPEs: 1EXPL: 1CVE-2020-7047 – WP Database Reset <= 3.1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7047
16 Jan 2020 — The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. El plugin de WordPress, WP Database Reset versiones hasta 3.1, contiene un fallo que otorgó a cualquier usuario autenticado, con permisos mínimos, la capacidad (con una petición simple wp-admin/admin.php?db-rese... • https://wordpress.org/plugins/wordpress-database-reset/#developers • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 41%CPEs: 1EXPL: 2CVE-2020-7048 – WP Database Reset <= 3.1 - Unauthenticated Database Reset
https://notcve.org/view.php?id=CVE-2020-7048
16 Jan 2020 — The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. El plugin de WordPress, WP Database Reset versiones hasta 3.1, contiene un fallo que permitió a cualquier usuario no autenticado restablecer cualquier tabla de la base de datos al estado inicial de configu... • https://github.com/ElmouradiAmine/CVE-2020-7048 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •