GCVE - cpe:2.3:a:webfactoryltd:wp_database_reset:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:webfactoryltd:wp_database_reset:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Webfactoryltd (`42e366d7-a42e-568c-8deb-d59744fb0f59`)
Product	Wp Database Reset (`19a0cda9-9e98-5ac5-8d49-6b87d620f237`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1501`	vulnerable	2026-06-03 14:54:27.138298	Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation MEDIUM (4.7) The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2024-02-21T03:36:00.166Z Updated: 2026-04-08T17:12:44.768Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve https://plugins.trac.wordpress.org/browser/wordpress-database-reset/trunk/class-db-reset-admin.php#L127 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-7048`	vulnerable	2026-06-03 14:43:05.196100	Details available CRITICAL (9.1) The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. Published: 2020-01-16T20:35:15.000Z Updated: 2024-08-04T09:18:03.025Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/wordpress-database-reset/#developers https://wpvulndb.com/vulnerabilities/10027 https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-7047`	vulnerable	2026-06-03 14:43:05.195627	Details available CRITICAL (9.9) The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. Published: 2020-01-16T20:37:04.000Z Updated: 2024-08-04T09:18:02.597Z Open on db.gcve.eu Reference links https://wordpress.org/plugins/wordpress-database-reset/#developers https://wpvulndb.com/vulnerabilities/10028 https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Wp Database Reset

PURL mappings

Vulnerability references

Contribute