This WordPress vulnerability could let hackers hijack your entire site | The Wordfence security team has discovered two severe vulnerabilities in a popular WordPress plugin.

  • By: techradar.com

A WordPress plugin has been discovered to contain “easily exploitable” security issues that could be leveraged by an attacker to gain complete control over vulnerable websites.

The plugin is called WP Database Reset and it is used to reset databases without having to go through the standard WordPress installation process. The security issue has the potential to affect many websites as the WordPress library says it is active on over 80,000 sites.

Two severe vulnerabilities were found by the Wordfence security team, and according to the firm either of them can be used to force a full website reset or takeover.

Wordfence's Chloe Chamberland explained just how damaging these vulnerabilities could be to websites in a blog post detailing the firm's findings, saying:

“A WordPress database stores all data that makes up the site including posts, pages, users, site options, comments, and more. With a few simple clicks and a couple of seconds, an unauthenticated user could wipe an entire WordPress installation clean if that installation was using a vulnerable version of this plugin.”

Critical security flaws

The first critical security flaw, tracked as CVE-2020-7048, stems from the fact that none of the database reset functions were secured through any checks, which could allow any user to reset any database tables without authentication.

The other vulnerability discovered by Wordfence is tracked as CVE-2020-7047; it allowed any authenticated user to grant themselves administrative privileges while also giving them the ability to “drop all other users from the table with a simple request”.

Wordfence first made WP Database Reset's developer aware of the security issues on January 8 after verifying its findings. The developer responded on January 13 and promised a patch would be released the next day. The vulnerabilities were publicly disclosed a few days later.

Users of the WP Database Reset plugin should update to the latest version (version 3.15) as soon as possible to prevent having their website hijacked by hackers or wiped out completely.

Via ZDNet
