CVE-2020-7047

Опубликовано: 16 янв. 2020

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

Ссылки

https://wordpress.org/plugins/wordpress-database-reset/#developers
Release Notes
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10028
Third Party Advisory
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
Exploit
Patch
Third Party Advisory
https://wordpress.org/plugins/wordpress-database-reset/#developers
Release Notes
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10028
Third Party Advisory
https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webfactoryltd:wp_database_reset:*:*:*:*:*:wordpress:*:*

Версия до 3.1 (включая)

EPSS

Процентиль: 82%

0.01691

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-9f6m-8x44-j5mr

github

больше 3 лет назад

EPSS

Процентиль: 82%

0.01691

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269