← volver
CVE-2020-7048

CVE-2020-7048

CVSS 9.1 CRITICALEPSS 22.9%
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.
CVSS:3.0/AC:L/AV:N/A:H/C:N/I:H/PR:N/S:U/UI:N
Productos afectados
n/a · n/a
PoCs públicas encontradas1
githubgithub.com/ElmouradiAmine/CVE-2020-70485
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wordpress.org/plugins/wordpress-database-reset/#developershttps://wpvulndb.com/vulnerabilities/10027https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/