A critical security flaw in the WordPress WP Reset PRO plugin allows authenticated attackers to wipe vulnerable websites.

  • Researchers from cybersecurity firm Patchstack discovered a high-severity security vulnerability in the WP Reset PRO WordPress plugin that allows authenticated attackers to wipe vulnerable websites.
  • The flaw affects premium versions of the WP Reset plugin, up to and including version 5.98.

Patchstack CTO Dave Jong reported that the authenticated database reset vulnerability (tracked as CVE-2021-36909) is caused by missing authorisation and nonce token checks and can be exploited by any authenticated user, including low-privileged users such as subscribers.

“The PRO version of the WP Reset plugin (versions 5.98 and below) suffers from a vulnerability that allows any authenticated user, regardless of their authorisation, to wipe the entire database,” reads the analysis published by Patchstack. 

“Because it wipes all tables in the database, it will restart the WordPress installation process, which could permit an attacker to launch this installation process and then create an administrator account at the end of this process as, by default, an administrator account has to be created once the WordPress site has been installed. After this, they could further exploit the site by uploading a malicious plugin or uploading a backdoor.”

Exploitation only requires passing a query parameter such as "%%wp" to drop all tables with the prefix wp from the database. The attacker can then visit the homepage of the website to go through the WordPress installation process and create their administrator account.

Patchstack CEO Oliver Sild reported that the bug is quite critical, especially for e-commerce and other sites that have any registration open.

If an old, forgotten site with this plugin installed sits in a subdirectory and the server environment is connected, the flaw could give an attacker access to other sites in the same environment.

The dev team fixed the bug with the release of WP Reset PRO 5.99 on September 28, within 24 hours of Patchstack’s disclosure, by adding an authentication and authorisation check.
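The following audit is an added example, not code from the article, Patchstack or the plugin's developers: it walks a web root, including forgotten installs in subdirectories, reads each plugin's header and flags WP Reset PRO copies older than 5.99. The `Plugin Name` header value and the directory and file names in the constructed sample tree are assumptions.

```python
import os
import re
import tempfile

FIXED = (5, 99)               # first fixed release named in the article
PLUGIN_NAME = "wp reset pro"  # assumption: value of the plugin's "Plugin Name:" header
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_header(path):
    """Parse header fields from the first 8 KiB, the part WordPress itself reads."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return {key.lower(): value for key, value in HEADER.findall(fh.read(8192))}

def parse_version(text):
    """'5.98' -> (5, 98); an unreadable version gives (), which sorts below FIXED."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def find_vulnerable(web_root):
    """Return (relative path, version) for every WP Reset PRO copy older than 5.99."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        # Main plugin files sit in wp-content/plugins/<slug>/ at any depth under the root.
        parent = os.path.dirname(dirpath).replace(os.sep, "/")
        if not parent.endswith("wp-content/plugins"):
            continue
        for name in (f for f in files if f.endswith(".php")):
            path = os.path.join(dirpath, name)
            fields = read_header(path)
            if fields.get("plugin name", "").lower() != PLUGIN_NAME:
                continue
            version = fields.get("version", "")
            if parse_version(version) < FIXED:
                rel = os.path.relpath(path, web_root).replace(os.sep, "/")
                hits.append((rel, version or "unknown"))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: a patched main site and a forgotten vulnerable subsite."""
    for site, version in (("", "5.99"), ("old-shop", "5.98")):
        plugin_dir = os.path.join(root, site, "wp-content", "plugins", "wp-reset-pro")
        os.makedirs(plugin_dir)
        with open(os.path.join(plugin_dir, "wp-reset.php"), "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n/*\n * Plugin Name: WP Reset PRO\n * Version: {version}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version in find_vulnerable(tmp):
            print(f"VULNERABLE {version}: {path}")
```

A copy whose version header cannot be read is reported as `unknown` rather than skipped, so it still gets a manual look.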
