Source: https://securityaffairs.co/wordpress/124458/security/wp-reset-pro-wordpress-plugin-flaw.html

A FLAW IN WP RESET PRO WORDPRESS PLUGIN ALLOWS WIPING THE INSTALLATION DB

November 10, 2021  By Pierluigi Paganini
A CRITICAL VULNERABILITY IN THE WP RESET PRO WORDPRESS PLUGIN CAN ALLOW AN
AUTHENTICATED USER TO WIPE THE ENTIRE DATABASE OF WORDPRESS SITES.

Researchers from cybersecurity firm Patchstack have discovered a critical
vulnerability in the WP Reset PRO WordPress plugin that could be exploited by any
authenticated user, regardless of role, to completely wipe the database of a
website.
Once the database of a site running the popular CMS has been wiped completely,
WordPress restarts its installation process. The attacker can then walk through
that process and create an administrator account, since the installer requires
one to be created. The admin account can in turn be abused to upload malicious
plugins to the website or to plant a backdoor.

“The PRO version of the WP Reset plugin (versions 5.98 and below) suffers from a
vulnerability that allows any authenticated user, regardless of their
authorization, to wipe the entire database.” reads the analysis published by
Patchstack. “Because it wipes all tables in the database, it will restart the
WordPress installation process which could allow an attacker to launch this
installation process and then create an administrator account at the end of this
process as by default an administrator account has to be created once the
WordPress site has been installed.

After this, they could further exploit the site by uploading a malicious plugin
or uploading a backdoor.”

The WP Reset PRO plugin lets site administrators restore a damaged site by
resetting its database to the default installation state without modifying its
files. It can delete all customizations and content, or only selected parts such
as theme settings.

The root cause of this vulnerability is a missing authorization check combined
with a missing nonce check. The experts noticed that the plugin registers a few
handlers in the admin_action_* scope, including
admin_action_wpr_delete_snapshot_tables. WordPress fires admin_action_* hooks
for any request to wp-admin/admin.php that carries a matching action parameter,
so any logged-in user, even a subscriber, can reach the handler.

The problem is that the handler never checks whether the current user is
authorized to perform the action, and it never validates a nonce token, so the
same request can also be forced on a logged-in administrator via CSRF.

“It can be seen that the uid query parameter is grabbed from the URL, which is
directly used as a prefix of the tables that should be deleted. Since the LIKE
operator is used, we can pass a query parameter such as %%wp to delete all
tables with the prefix wp.” continues the post.

“Once this is done, someone could simply visit the homepage of the site to start
the WordPress installation process.“

The development team at WebFactory Ltd behind the plugin addressed the flaw with
the release of the plugin version 5.99. The developers implemented an
authentication and authorization check, and a check for a valid nonce token.
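The following is an added illustration of the pattern described above, not the plugin's source and not Patchstack's code. It places a handler with the three defects the write-up names (no capability check, no nonce, a query parameter fed straight into LIKE) next to a hardened version of the same handler. The hook name and the uid parameter come from the article; the function names, the snapshot table naming scheme (`<prefix><uid>_<table>`), the six-character uid format and the exact query shape are assumptions made for the example.

```php
<?php
// Illustrative reconstruction for a WordPress plugin; NOT WP Reset PRO's code.
// Assumes snapshot tables are named "<prefix><uid>_<table>" (assumed scheme).

// --- Vulnerable pattern ---------------------------------------------------
// admin_action_* fires for ANY logged-in user who requests
// /wp-admin/admin.php?action=wpr_delete_snapshot_tables&uid=...
add_action( 'admin_action_wpr_delete_snapshot_tables', 'wpr_delete_snapshot_tables_vulnerable' );

function wpr_delete_snapshot_tables_vulnerable() {
	global $wpdb;
	// No current_user_can(), no nonce: a subscriber, or an admin lured by CSRF,
	// reaches this point.
	$uid = isset( $_GET['uid'] ) ? $_GET['uid'] : '';

	// uid is used verbatim as a LIKE prefix (query shape assumed). With
	// uid=%%wp the pattern becomes '%%wp%', which matches every table whose
	// name contains "wp", i.e. the whole wp_* schema.
	$tables = $wpdb->get_col( "SHOW TABLES LIKE '{$uid}%'" );
	foreach ( $tables as $table ) {
		$wpdb->query( "DROP TABLE IF EXISTS `{$table}`" );
	}
}

// --- Hardened pattern ------------------------------------------------------
add_action( 'admin_action_wpr_delete_snapshot_tables', 'wpr_delete_snapshot_tables_fixed' );

function wpr_delete_snapshot_tables_fixed() {
	global $wpdb;

	// 1. Authorization: only users allowed to manage the site may reset it.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}

	// 2. CSRF: the request must carry a nonce bound to this specific action
	//    (check_admin_referer() reads the _wpnonce query argument and dies on failure).
	check_admin_referer( 'wpr_delete_snapshot_tables' );

	// 3. Input validation: a snapshot uid is a short lowercase token (assumed format),
	//    so LIKE wildcards such as % and _ are rejected before they reach SQL.
	$uid = isset( $_GET['uid'] ) ? sanitize_key( wp_unslash( $_GET['uid'] ) ) : '';
	if ( ! preg_match( '/^[a-z0-9]{6}$/', $uid ) ) {
		wp_die( 'Invalid snapshot id.', '', array( 'response' => 400 ) );
	}

	// 4. Escape LIKE metacharacters anyway and pin the pattern to the
	//    snapshot namespace, then bind it through prepare().
	$like   = $wpdb->esc_like( $wpdb->prefix . $uid . '_' ) . '%';
	$tables = $wpdb->get_col( $wpdb->prepare( 'SHOW TABLES LIKE %s', $like ) );

	// 5. Defence in depth: never drop a core WordPress table even if a pattern
	//    were to match one.
	$core = $wpdb->tables( 'all', true );
	foreach ( $tables as $table ) {
		if ( in_array( $table, $core, true ) ) {
			continue;
		}
		$wpdb->query( "DROP TABLE IF EXISTS `{$table}`" );
	}

	wp_safe_redirect( wp_get_referer() ?: admin_url() );
	exit;
}

// The link or form that triggers the hardened action must carry the matching nonce:
// wp_nonce_url( admin_url( 'admin.php?action=wpr_delete_snapshot_tables&uid=' . $uid ),
//               'wpr_delete_snapshot_tables' );
```

The two handlers are shown together only for comparison; a real plugin would register one of them. The capability check and the nonce check address different attackers (an under-privileged account versus a privileged victim's browser), which is why the fix described above needed both, and the LIKE escaping closes the wildcard trick independently of who sends the request.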

Below is the timeline Patchstack published for this vulnerability:

27-09-2021 – We discovered the vulnerability in WP Reset PRO and released
a virtual patch to all Patchstack paid version customers.
27-09-2021 – We reached out to the developer of the plugin.
28-09-2021 – The developer replied and we provided the vulnerability
information.
28-09-2021 – The developer released a new plugin version, 5.99, which fixes this
issue.
10-11-2021 – Published the article.
10-11-2021 – Added the vulnerability to the Patchstack vulnerability database.
Pierluigi Paganini

(SecurityAffairs – hacking, WordPress)