Critical Vulnerability in WordPress Reset PRO Plugin

Published on 11 Nov 2021

Updated on 11 Nov 2021

WordPress (WP) Reset has released security updates to address a critical vulnerability (CVE-2021-36909) found in the WP Reset PRO plugin. 

This vulnerability can be exploited by any authenticated user, regardless of their authorisation. Successful exploitation allows the attacker to completely wipe the database of a WordPress site. Wiping the database triggers a restart of the WordPress installation process, which could allow an attacker to create a rogue administrator account.

This vulnerability affects versions 5.98 and earlier of the WP Reset PRO plugin. 

Administrators and site owners running affected versions are advised to upgrade to the latest product version immediately.
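
One way to find installed copies in the affected range, as an added example that is not part of the original advisory or the vendor's code: it reads the plugin headers under a `wp-content/plugins` directory and flags WP Reset PRO at version 5.98 or earlier. The `Plugin Name` header value it matches and the sample plugin file are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the plugin's main file declares this "Plugin Name" header.
TARGET_NAME = "wp reset pro"
LAST_AFFECTED = (5, 98)  # the advisory: versions 5.98 and earlier

# WordPress plugin headers are "Key: value" lines in a leading comment block.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_file):
    """Parse header fields from the start of a PHP file (WordPress reads 8 KiB)."""
    text = Path(php_file).read_text(errors="replace")[:8192]
    fields = {}
    for key, value in HEADER_RE.findall(text):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def parse_version(raw):
    """'5.98' -> (5, 98); anything non-numeric is ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", raw))

def audit_plugins(plugins_dir):
    """Return (directory, version, status) for each installed copy of the plugin."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php_file)
        if header.get("plugin name", "").lower() != TARGET_NAME:
            continue
        raw = header.get("version", "")
        version = parse_version(raw)
        if not version:
            status = "unknown"   # no usable Version header: review by hand
        elif version <= LAST_AFFECTED:
            status = "affected"  # 5.98 or earlier
        else:
            status = "ok"
        findings.append((php_file.parent.name, raw, status))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample install
        plugin_dir = Path(root, "sample-plugin")
        plugin_dir.mkdir()
        (plugin_dir / "main.php").write_text(
            "<?php\n/*\n * Plugin Name: WP Reset PRO\n * Version: 5.98\n */\n")
        print(audit_plugins(root))
```

To audit a real site, call `audit_plugins()` with the path to its `wp-content/plugins` directory; an `unknown` result means the version header could not be read and the copy should be checked by hand.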

More information is available here:

https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/

https://securityaffairs.co/wordpress/124458/security/wp-reset-pro-wordpress-plugin-flaw.html

https://www.bleepingcomputer.com/news/security/ironic-twist-wp-reset-pro-bug-lets-hackers-wipe-wordpress-sites/