Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

wp_database_reset

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2024-1501
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 54.63%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 03:36
Updated-08 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-webfactoryltdwebfactory
Product-wp_database_resetDatabase Reset
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7047
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.66% / 82.47%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 20:37
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

Action-Not Available
Vendor-webfactoryltdn/a
Product-wp_database_resetn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7048
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-47.06% / 97.75%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 20:35
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

Action-Not Available
Vendor-webfactoryltdn/a
Product-wp_database_resetn/a
CWE ID-CWE-306
Missing Authentication for Critical Function