Home Hacking News WP Database Reset Plugin Had Some ‘Easily Exploitable’ Vulnerabilities

WP Database Reset Plugin Had Some ‘Easily Exploitable’ Vulnerabilities

by Abeerah Hashim
GiveWP Plugin Vulnerability Risked 100,000+ Websites To RCE Attacks

Another threat to WordPress sites has surfaced online. Researchers have discovered some serious security vulnerabilities in the WP Database Reset plugin. What’s threatening with these vulnerabilities is their easily exploitable nature.

WP Database Reset Plugin Flaws

Reportedly, researchers from Wordfence have spotted security flaws in one more WordPress plugin. This time, they found some ‘easily exploitable’ vulnerabilities in the WP Database Reset plugin.

As described in their blog post, the researchers found two different security issues with the plugin. The first of these is a critical severity bug (CVE-2020-7048) with a CVSS score of 9.1. This unauthenticated database reset issue could allow an adversary to reset any table in the database, thus causing data loss. To trigger the flaw, the attacker would only have to send a malicious request to the site.

Describing the impact of a possible exploit, the researchers stated,

A WordPress database stores all data that makes up the site including posts, pages, users, site options, comments, and more. With a few simple clicks and a couple of seconds, an unauthenticated user could wipe an entire WordPress installation clean if that installation was using a vulnerable version of this plugin.

The second vulnerability (CVE-2020-7047) was a privilege escalation bug with a high-severity rating and a CVSS score of 8.8. This bug allowed any user with subscriber access to escalate privilege levels. In turn, the bug allowed the attacker to exploit the previous vulnerability as well.

Explaining about the vulnerability, the researchers stated,

Any user authenticated as a subscriber and above had the ability to reset the wp_users table.
Whenever the wp_users table was reset, it dropped all users from the user table, including any administrators, except for the currently logged-in user. The user sending the request would automatically be escalated to the administrator, even if they were only a subscriber.

An adversary could therefore completely takeover of the target website, rendering the actual admins unable to gain access.

The following video demonstrates the attack scenario.

Patch Released – Update Now!

According to Wordfence, the vulnerabilities affected all previously available WP Database Reset plugin versions. Upon noticing the flaw, the researchers disclosed the vulnerabilities to the plugin developers, who then patched the bugs. Consequently, WP Database Reset version 3.15 rolled out containing the patches for both bugs.

Presently, the plugin boasts over 80,000 active installations, hence making thousands of sites vulnerable to potential exploits. Therefore, the users of this plugin must ensure updating their sites to the latest plugin version to stay safe.

Let us know your thoughts in the comments.

You may also like