WP Database Reset
Security on January 17, 2020
Security Error Found in WP Database Reset Plugin
In early January 2020, our Threat Intelligence department found website security vulnerabilities in the WP Database Reset WordPress plugin, which is installed on around 80,000 websites to date. The vulnerabilities allowed any unauthenticated user of these websites to reset tables in the WordPress database to their set-up state, and also allowed authenticated users to give their account admin privileges while deleting all other users from the database table, with one simple request.
The above vulnerabilities are major issues that can cause an immediate reset or takeover of the WordPress database. We recommend that the plugin be updated immediately to the latest version (3.15).
WP Database Reset is a database reset plugin that lets users reset the WordPress database tables, returning the database to the state of a fresh install. This can be useful for developers performing testing on a website, and for a complete database reset without having to perform a fresh install of the WordPress database. It is a powerful feature that, if not protected, could leave major vulnerabilities.
Without proper security controls in place, the WP Database Reset plugin had a major flaw that permitted unauthenticated users to adjust and reset any database table.
A WordPress database stores all of a site's data: posts, pages, media files, users, and a lot more. With a few simple steps, an unauthenticated user could effectively wipe the whole database back to its original configuration.
In this post, we have described two major vulnerabilities in the WordPress Database Reset plugin. To rectify this problem, we suggest you update the plugin to version 3.15, which contains a patch.
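To check which installs still need the update recommended above, the following added example (not code from the plugin or from this post's authors) scans a wp-content/plugins directory, reads each plugin's header comment, and flags copies older than 3.15. It assumes the header carries one of the two plugin names used on this page; the folder names and sample headers in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (3, 15)  # fixed version named in the advisory
# Assumption: the plugin header carries one of the names this page uses.
NAMES = {"wp database reset", "wordpress database reset"}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_version(text):
    """Split '3.1' into (3, 1) so that 3.15 compares as newer than 3.1 and 3.9."""
    return tuple(int(part) for part in re.findall(r"\d+", text))

def read_header(php_file):
    """Return the header fields found in the first 8 KiB (the part WordPress reads)."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value.strip())  # strip also drops a trailing \r
    return fields

def audit(plugins_dir):
    """Return (path, version, status) for every copy of the plugin under plugins_dir."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_header(php_file)
        if fields.get("plugin name", "").lower() not in NAMES:
            continue
        version = fields.get("version", "")
        parsed = parse_version(version)
        # A copy with no readable Version header is reported for manual review.
        status = "unknown" if not parsed else "vulnerable" if parsed < PATCHED else "patched"
        findings.append((str(php_file), version, status))
    return findings

def demo():
    """Audit a constructed plugins directory and return {folder: status}."""
    samples = {  # constructed sample headers, not real installs
        "copy-old": "Plugin Name: WP Database Reset\n * Version: 3.1",
        "copy-new": "Plugin Name: WordPress Database Reset\r\n * Version: 3.15",
        "copy-bare": "Plugin Name: WP Database Reset",
        "other": "Plugin Name: Unrelated Plugin\n * Version: 1.0",
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, header in samples.items():
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text("<?php\n/*\n * " + header + "\n */\n")
        return {Path(path).parent.name: status for path, _, status in audit(root)}

if __name__ == "__main__":
    print(demo())
```

Point audit() at a real wp-content/plugins path to get the same report for a live site.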