Extreme security vulnerabilities in the WP Reset PRO WordPress plugin may be used by an authorized user to delete all website archives, according to a warning from researchers at Packstack (formerly known as WebARX).
The problem can be exploited by any authorized user, no matter how authorized, to clear all tables on the WordPress installation site. This could trigger a reboot of the WordPress installation process. An attacker can misuse this to create an administrator account on a WordPress website (an administrator account must be created to complete the installation process), according to Patchstack advice.
An attacker can also use a newly created account to upload malicious plugins to a website, or install Trojan backdoors.
Read More: https://www.securityweek.com/critical-flaw-wordpress-plugin-leads-database-wipe
For more such updates follow us on Google News ITsecuritywire News