WP Database Reset Plugin Had Some ‘Easily Exploitable’ Vulnerabilities

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Another threat to WordPress sites has surfaced online. Researchers have discovered some serious security vulnerabilities in the WP Database Reset plugin. What’s threatening with these vulnerabilities is their easily exploitable nature.

WP Database Reset Plugin Flaws

Reportedly, researchers from Wordfence have spotted security flaws in one more WordPress plugin. This time, they found some ‘easily exploitable’ vulnerabilities in the WP Database Reset plugin.

As described in their blog post, the researchers found two different security issues with the plugin. The first of these is a critical severity bug (CVE-2020-7048) with a CVSS score of 9.1. This unauthenticated database reset issue could allow an adversary to reset any table in the database, thus causing data loss. To trigger the flaw, the attacker would only have to send a malicious request to the site.

Describing the impact of a possible exploit, the researchers stated,

A WordPress database stores all data that makes up the site including posts, pages, users, site options, comments, and more. With a few simple clicks and a couple of seconds, an unauthenticated user could wipe an entire WordPress installation clean if that installation was using a vulnerable version of this plugin.

The second vulnerability (CVE-2020-7047) was a privilege escalation bug with a high-severity rating and a CVSS score of 8.8. This bug allowed any user with subscriber access to escalate privilege levels. In turn, the bug allowed the attacker to exploit the previous vulnerability as well.

Explaining about the vulnerability, the researchers stated,

Any user authenticated as a subscriber and above had the ability to reset the wp_users table.
Whenever the wp_users table was reset, it dropped all users from the user table, including any administrators, except for the currently logged-in user. The user sending the request would automatically be escalated to the administrator, even if they were only a subscriber.

An adversary could therefore completely takeover of the target website, rendering the actual admins unable to gain access.

The following video demonstrates the attack scenario.

Patch Released – Update Now!

According to Wordfence, the vulnerabilities affected all previously available WP Database Reset plugin versions. Upon noticing the flaw, the researchers disclosed the vulnerabilities to the plugin developers, who then patched the bugs. Consequently, WP Database Reset version 3.15 rolled out containing the patches for both bugs.

Presently, the plugin boasts over 80,000 active installations, hence making thousands of sites vulnerable to potential exploits. Therefore, the users of this plugin must ensure updating their sites to the latest plugin version to stay safe.

Let us know your thoughts in the comments.

Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!