The IT security researchers at Patchstack (previously known as WebARX) have discovered a high severity security vulnerability in the WP Reset PRO WordPress plugin that allows ‘authenticated’ users to wipe data from vulnerable websites. 
According to their advisory, an attacker can exploit the vulnerability to wipe the entire website’s database, after which simply visiting the site’s homepage starts the WordPress installation process. Patchstack CEO Oliver Sild called it a “destructive vulnerability” that mainly causes problems for e-commerce websites that offer open registration.
It is worth noting that any authenticated user, regardless of their role, can exploit this vulnerability to wipe all tables stored in a WordPress installation database and restart the WordPress installation process. The exploitation only requires the attacker to pass a query parameter such as “%%wp” to delete all the tables with the prefix wp.
A threat actor can abuse this flaw to create an administrator account onto the website, which is necessary to complete the installation process. Moreover, the attacker can exploit this new admin account to upload malicious plugins to the website or install trojan backdoors.
“The issue in this plugin is caused due to a lack of authorization and nonce token check. The plugin registers a few actions in the admin_action_* scope. In the case of this vulnerability, it’s admin_action_wpr_delete_snapshot_tables,” the advisory read.
“Unfortunately, the admin_action_* scope does not perform a check to determine if the user is authorized to perform said action, nor does it validate or check a nonce token to prevent CSRF attacks.”
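To make the advisory’s point concrete, the following is an added example (not code from WP Reset PRO or Patchstack) of an admin_action_* handler written with the defect the advisory describes, beside a hardened version. All function, hook and parameter names (example_delete_tables, the prefix parameter) are hypothetical; the WordPress API calls (add_action, current_user_can, check_admin_referer, wp_nonce_url, sanitize_key, $wpdb->esc_like) are real.

```php
<?php
// Added example, not the plugin's code. Hook and function names are hypothetical.

// --- Vulnerable pattern (the defect class the advisory describes) ---
// WordPress fires admin_action_{$action} for any logged-in user who requests
// wp-admin/admin.php?action=example_delete_tables. Nothing here checks the
// user's capability or a nonce, and the prefix is passed straight through,
// so LIKE wildcards such as '%' widen the match to every table.
add_action( 'admin_action_example_delete_tables', 'example_delete_tables_unsafe' );
function example_delete_tables_unsafe() {
    example_drop_tables_by_prefix( $_REQUEST['prefix'] ?? '', false );
}

// --- Hardened pattern ---
add_action( 'admin_action_example_delete_tables_safe', 'example_delete_tables_safe' );
function example_delete_tables_safe() {
    // 1. Authorization: only users holding the capability for this destructive task.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // 2. CSRF: the request must carry a nonce minted for this exact action
    //    (the link must have been built with wp_nonce_url(), see below).
    check_admin_referer( 'example_delete_tables' );

    // 3. Input: accept only a plain table prefix (sanitize_key keeps [a-z0-9_-]).
    $prefix = isset( $_REQUEST['prefix'] ) ? sanitize_key( wp_unslash( $_REQUEST['prefix'] ) ) : '';
    if ( '' === $prefix || ! preg_match( '/^[a-z0-9_]+$/', $prefix ) ) {
        wp_die( 'Invalid table prefix.', 400 );
    }

    $dropped = example_drop_tables_by_prefix( $prefix, true );
    wp_safe_redirect( add_query_arg( 'dropped', $dropped, admin_url( 'tools.php' ) ) );
    exit;
}

// Hypothetical helper shared by both handlers. With $escape_like = true the
// prefix is matched literally: $wpdb->esc_like() escapes '%' and '_' so a
// value like '%%wp' cannot act as a wildcard.
function example_drop_tables_by_prefix( $prefix, $escape_like ) {
    global $wpdb;
    $like   = ( $escape_like ? $wpdb->esc_like( $prefix ) : $prefix ) . '%';
    $tables = $wpdb->get_col( $wpdb->prepare( 'SHOW TABLES LIKE %s', $like ) );
    foreach ( $tables as $table ) {
        // Backtick-quote the identifier; table names come from SHOW TABLES, not the user.
        $wpdb->query( 'DROP TABLE `' . str_replace( '`', '``', $table ) . '`' );
    }
    return count( $tables );
}

// Building the link the hardened handler expects, e.g. in an admin page template:
// $url = wp_nonce_url(
//     admin_url( 'admin.php?action=example_delete_tables_safe&prefix=wp' ),
//     'example_delete_tables'
// );
```

The two checks map directly onto the advisory’s two findings: current_user_can() is the missing authorization check, and check_admin_referer() is the missing nonce validation. Escaping the prefix with $wpdb->esc_like() is an additional hardening step, because a LIKE pattern built from raw user input is what lets a wildcard value match every table.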
This vulnerability, tracked as CVE-2021-36909, impacts premium versions of the WP Reset plugin, including all versions up to and including v5.98. The plugin is designed to help admins reset the whole website or parts of it for faster debugging and testing, and to restore the site from built-in snapshots, all with a single mouse click.
Critical WordPress plugin vulnerability allowed attackers to wipe database
For your information, the free and open-source version of WP Reset, developed by WebFactory Ltd., is listed in the WordPress plugin repository boasting over 300,000 active installations. According to its developer, the number of users has already exceeded 400,000.
Sild explained that the bug could be exploited to access other websites on the same server.
“If there is an old site forgotten to a subdirectory (we see that a lot) that has that plugin installed and the server environment is connected, then this would allow getting access to other sites in the same environment,” Sild noted.
The bug was fixed in WP Reset PRO 5.99 on September 28, 2021. Therefore, update the plugin to the latest version if you have not done it already.