Vulnerabilities in WordPress Database Reset plugin allow to capture or erase a site database

Wordfence specialists report that at the beginning of January, dangerous vulnerabilities were discovered in the popular WordPress Database Reset plugin installed on more than 80,000 sites. This plugin, developed by WebFactory Ltd, is designed to invest in database setup and quick reset to default settings. As a result, bugs can be used to capture sites and reset tables in the database.

The first issue tracked as CVE-2020-7048, scored 9.1 on a ten-point CVSS vulnerability rating scale. The experts found that none of the database functions is protected by any checks or warnings, which is why any user has the opportunity to reset any database tables without authentication. All that is needed to reset the site is a simple request to delete messages, pages, comments, users, downloaded content, and so on.

The second vulnerability has the identifier CVE-2020-7047 and has 8.1 on the CVSS scale. This bug allows any authenticated user (regardless of privilege level) not only to give himself administrative rights, but also to take away rights from other users with one simple request. Thus, the attacker will remain the only administrator and completely take control of the site.

“Each time a wp_users table is reset, all users are deleted, including any administrators, except for the current user who is logged on. The user sending such a request will be automatically promoted to administrator, even if he was a simple subscriber, ”experts say.

It is recommended that all users of a vulnerable plug-in immediately update it to the latest version (WP Database Reset 3.15). So far, only 8% of users have managed to do this.