← back
CVE-2020-7048

CVE-2020-7048

CVSS 9.1 CRITICALEPSS 22.9%
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.
CVSS:3.0/AC:L/AV:N/A:H/C:N/I:H/PR:N/S:U/UI:N
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/ElmouradiAmine/CVE-2020-70485
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.org/plugins/wordpress-database-reset/#developershttps://wpvulndb.com/vulnerabilities/10027https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/