Vulnerability Description
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webfactoryltd | Wp Reset Pro | <= 5.98 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-pr (Third Party Advisory)
- https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/ (Exploit, Third Party Advisory)
- https://wpreset.com/changelog/ (Release Notes, Vendor Advisory)
FAQ
What is CVE-2021-36909?
CVE-2021-36909 is a vulnerability with a CVSS score of 8.8 (HIGH). Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It l...
How severe is CVE-2021-36909?
CVE-2021-36909 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-36909?
Check the references section above for vendor advisories and patch information. Affected products include: Webfactoryltd Wp Reset Pro.