CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

webfactoryltd

wp_database_reset

3 known vulnerabilities · sorted by CVSS score

CVE-2020-7048

CRITICAL9.1

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

webfactoryltd / wp_database_reset

Network

Published Jan 16, 2020

CVE-2020-7047

HIGH8.8

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

webfactoryltd / wp_database_reset

Network

Published Jan 16, 2020

CVE-2024-1501

MEDIUM4.7

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

webfactoryltd / wp_database_reset

Network

Published Feb 21, 2024