#VU24370 Improper Privilege Management in WordPress Database Reset - CVE-2020-7047

Cybersecurity Help s.r.o.

Published: 2020-01-17

Vulnerability identifier: #VU24370

Vulnerability risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-7047

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WordPress Database Reset
Web applications / Modules and components for CMS

Vendor: Chris Berthe

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to the "wp_users" table does not check the user capabilities and lacks a security nonce. A remote user can send a specially crafted request, reset the "wp_users" table, drop all users from the user table and gain administrative privileges on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

WordPress Database Reset: 1.0 - 3.1

External links
https://wordpress.org/plugins/wordpress-database-reset/#developers
https://wpvulndb.com/vulnerabilities/10028
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in WordPress Database Reset plugin