WordPress Plugin Bug Gives Full Access when Exploited
A WordPress plugin, WP Database Reset, contains "easily exploitable" security issues that can give an attacker complete control over vulnerable websites. An attacker can exploit CVE-2020-7048 to wipe out the entire website by resetting any database table without the need for authentication. Additionally, any authenticated user can exploit CVE-2020-7047 to obtain full administrative rights, which can be used to drop all other users from the compromised website. The plugin developer has released a patch, and users are advised to update to the latest plugin version, 3.15, to mitigate potential attacks.
References: Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin