
WordPress Plugin Flaw Could Allow Hackers to Take Over Entire Websites

The Wordfence security team discovered flaws in the WordPress Database Reset plugin that put entire websites in danger of being hijacked.
Recently, security researchers from the company Wordfence discovered that a WordPress plugin called Database Reset has an easily exploitable security flaw that could allow hackers to take over websites that use it. As the name suggests, the plugin is used for resetting databases quickly, without the need to go through the WordPress installation procedure. The issue is quite serious, and researchers estimate that over 80,000 websites are in danger of being hijacked.

According to the researchers, the plugin actually has two severe vulnerabilities, either of which can be used to take over the websites that use it. One of the researchers, Chloe Chamberland, stated that the flaws are very dangerous, as they provide access to a WordPress database, which stores all the data that makes up the site. This includes pages, posts, users, comments, and more. With the vulnerable plugin installed, hackers could wipe out the entire WordPress installation with only a few clicks.

As mentioned, two vulnerabilities were found: CVE-2020-7047 and CVE-2020-7048. The first one allows any authenticated user to take over the site by granting themselves administrator privileges. They can even take all such privileges away from other administrators with a single request. The second flaw allows anyone to reset the database tables, even if they are not authenticated.

After discovering and verifying the flaws on January 8th, Wordfence contacted the plugin’s developers to warn them of the issues. The developers responded by January 13th, promising to release a patch as soon as possible. The patch was out the very next day, when the vulnerabilities were disclosed publicly.

All that the plugin’s users need to do now is ensure that their plugin is updated to its latest version (v3.15), and their website should be secure. Otherwise, they risk losing it to hackers who might take over the site or wipe its database clean.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
