Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in WordPress Reset PRO Plugin
Alerts

Critical Vulnerability in WordPress Reset PRO Plugin

11 November 2021

WordPress (WP) Reset has released security updates to address a critical vulnerability (CVE-2021-36909) found in the WP Reset PRO plugin. 

This vulnerability can be exploited by an authenticated user, regardless of their authorisation. Successful exploitation will allow the attacker to completely wipe the database of a WordPress site. In the unfortunate event that the database is wiped, it would trigger the restart of the WordPress installation process which could allow an attacker to create a rogue administrator account.

This vulnerability affects versions 5.98 and earlier of the WP Reset PRO plugin. 

Administrators and site owners of the affected versions are advised to upgrade to the latest product versions immediately.

More information is available here:

https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/

https://securityaffairs.co/wordpress/124458/security/wp-reset-pro-wordpress-plugin-flaw.html

https://www.bleepingcomputer.com/news/security/ironic-twist-wp-reset-pro-bug-lets-hackers-wipe-wordpress-sites/

Back to top