Description
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
References (3)
Core References
Release Notes, Vendor Advisory (x_refsource_confirm): https://wpreset.com/changelog/
Third Party Advisory (x_refsource_misc): https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability
Exploit, Third Party Advisory (x_refsource_misc): https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/
Scores
CVSS v3: 8.8
EPSS: 0.0183
EPSS Percentile: 76.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-284, CWE-862
Status: published
Products (2)
WebFactory Ltd./WP Reset PRO: <= 5.98 - 5.98
webfactoryltd/wp_reset_pro: < 5.98
Published: Nov 18, 2021
Tracked Since: Feb 18, 2026