It has been discovered that a WordPress plugin contains “easily exploitable” security issues that an attacker could take advantage of to gain complete control over vulnerable websites.
The plugin is called WP Database Reset and is used to reset databases to their defaults without having to go through the standard WordPress installation process. The security issue has the potential to affect many websites, since the WordPress plugin library says it is active on more than 80,000 sites.
The Wordfence security team found two serious vulnerabilities, and according to the company either one can be used to force a site reset or a complete takeover of the website.
Chloe Chamberland of Wordfence explained how harmful these vulnerabilities could be for websites in a blog post detailing the company's findings, saying:
“A WordPress database stores all the data that makes up the site, including posts, pages, users, site options, comments and more. With a few clicks and a couple of seconds, an unauthenticated user could clean an entire WordPress installation if that installation used a vulnerable version of this add-on.”
Critical Security Flaws
The first critical security flaw is tracked as CVE-2020-7048. Because none of the database reset functions were secured by any verification, it could allow any user to reset the database tables without authentication.
The other vulnerability discovered by Wordfence is tracked as CVE-2020-7047. It allowed authenticated users to grant themselves administrative privileges while also giving them the ability to “remove all other users from the table with a simple request.”
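Both flaws come down to a destructive handler that acts without verifying who is asking. The sketch below is an added illustration, not code from WP Database Reset or from Wordfence: it puts an unverified handler next to a hardened one that checks capability, nonce and table name. It assumes it is loaded as a plugin inside WordPress, and every `example_` name is hypothetical.

```php
<?php
/*
 * Plugin Name: Example Reset Guard (constructed for illustration)
 */

// Hypothetical destructive action: empties the named (unprefixed) tables.
function example_reset_tables( array $names ) {
    global $wpdb;
    foreach ( $names as $name ) {
        $wpdb->query( "TRUNCATE TABLE `{$wpdb->prefix}{$name}`" );
    }
}

// Weak pattern: acts on request data with no verification at all.
// Hooking 'admin_init' does not prove the requester is a logged-in admin.
function example_reset_unchecked() {
    if ( isset( $_POST['example_reset_tables'] ) ) {
        example_reset_tables( (array) $_POST['example_reset_tables'] );
    }
}
// Deliberately left unhooked; shown only for comparison.

// Hardened pattern: capability check, nonce check, then an allow-list.
function example_reset_checked() {
    if ( ! isset( $_POST['example_reset_tables'] ) ) {
        return;
    }
    // 1. Only administrators may trigger a destructive action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. Reject forged requests: dies unless the nonce field is valid.
    check_admin_referer( 'example_reset_action', 'example_reset_nonce' );

    // 3. Accept only table names WordPress itself reports for this site.
    global $wpdb;
    $requested = array_map(
        'sanitize_key',
        (array) wp_unslash( $_POST['example_reset_tables'] )
    );
    $known = array_keys( $wpdb->tables() ); // keys are unprefixed names
    example_reset_tables( array_intersect( $requested, $known ) );
}
add_action( 'admin_init', 'example_reset_checked' );
```

The form that submits to the hardened handler would emit the matching nonce with `wp_nonce_field( 'example_reset_action', 'example_reset_nonce' )`.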
Wordfence first made the WP Database Reset developer aware of the security issues on January 8 after verifying its findings. The developer responded on January 13 and promised that a patch would be released the next day. The vulnerabilities were publicly disclosed a few days later.
Users of the WP Database Reset plugin should update to the latest version (version 3.15) as soon as possible to prevent their website from being hijacked by hackers or erased completely.