SB2020011705 - Multiple vulnerabilities in WordPress Database Reset plugin

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Privilege Management (CVE-ID: CVE-2020-7047)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to the "wp_users" table does not check the user capabilities and lacks a security nonce. A remote user can send a specially crafted request, reset the "wp_users" table, drop all users from the user table and gain administrative privileges on the target system.

2) Improper Authentication (CVE-ID: CVE-2020-7048)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing capability checks or security nonces. A remote attacker can send a simple request and reset any table from the database to the initial WordPress set-up state.

Remediation

Install update from vendor's website.

References

• https://wordpress.org/plugins/wordpress-database-reset/#developers
• https://wpvulndb.com/vulnerabilities/10028
• https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
• https://wpvulndb.com/vulnerabilities/10027