Vulnerabilities > CVE-2021-36909 - Missing Authorization vulnerability in Webfactoryltd WP Reset PRO

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
webfactoryltd
CWE-862

Summary

Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.

Vulnerable Configurations

Part Description Count
Application
Webfactoryltd
63

Common Weakness Enumeration (CWE)