Media and Entertainment

WordPress Plugin Bug Gives Full Access when Exploited

14 - 21 January 2020

A WordPress plugin, WP Database Reset, contains "easily exploitable" security issues that can give an attacker complete control over vulnerable websites. An attacker can exploit CVE-2020-7048 to reset any database table without authentication, which can wipe out the entire website. Additionally, any authenticated user can exploit CVE-2020-7047 to obtain full administrative rights, which can be used to drop all other users from the compromised website. The plugin developer has released a patch, and users are advised to update to the latest plugin version, 3.15, to mitigate potential attacks.

References:

Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin
