WordPress Database Reset vulnerabilities

Two serious vulnerabilities have been found in the WordPress plugin Wordpress database reset (WP Database Reset).

[Image: Wordpress database reset plugin logo] Firo Solutions, CVE-2020-7047, CVE-2020-7048

Summary:

Two CVEs have been assigned to the WordPress plugin Wordpress database reset.
The vulnerabilities allow an unauthenticated third party to wipe all data
in the site's database and reset it to its default installation state,
and allow a logged-in user with any role to escalate their privileges
to administrator.

CVEs:

CVE-2020-7047

Any logged-in user, regardless of role, can use the plugin's reset function
to alter the data in the database with administrator privileges. Resetting the
users table leaves the low-privileged user who triggered it holding an
administrator account.

CVE-2020-7048

An unauthenticated third party can trigger the reset and wipe the database's
content. Every post, page, user and setting the site has produced is removed
and the site is returned to a fresh installation; without an independent
backup there is nothing to recover from.

Vulnerability in the plugin

public function reset( array $tables ) {
    // Resetting the users table is treated specially: set_backup() saves the
    // current user before the reinstall and restore_backup() puts it back
    // afterwards, which is what turns a reset of 'users' into a privilege
    // escalation for whoever triggered it.
    if ( in_array( 'users', $tables ) ) {
        $this->reset_users = true;
    }

    $this->validate_selected( $tables );
    $this->set_backup();
    $this->reinstall();
    $this->restore_backup();
}

private function validate_selected( array $tables ) {
    // Only checks that at least one table was selected. Nothing here, or in
    // reset(), asks who is making the request.
    if ( ! empty( $tables ) && is_array( $tables ) ) {
        $this->selected = array_flip( $tables );
    }
}

Neither reset() nor the code that calls it checks whether the request comes
from an authorized party: there is no capability check (such as
current_user_can( 'manage_options' )) and no nonce verification, so the reset
runs for whoever manages to reach it, and a logged-in administrator can also be
tricked into triggering it through a cross-site request.

Patch:

Both vulnerabilities have been patched in the latest version of the
Wordpress database reset plugin (3.15 and later), which adds the missing
capability and nonce checks before the reset is performed. Updating to the
latest version resolves both issues. Because the plugin's only purpose is
destructive, it is worth deactivating or removing it when it is not in active
use, and keeping an offline backup of the database regardless.
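The handler pattern behind the flaw, and the hardened form the patch corresponds to, as an added example. This is not the plugin's own code or the vendor's patch; the class Example_DB_Reset, the POST field example_reset_tables and the nonce action example-db-reset are assumptions made for the illustration. Only standard WordPress functions (add_action, current_user_can, check_admin_referer, wp_nonce_field, wp_die, sanitize_key, $wpdb->tables) are used.

```php
<?php
/**
 * Added example, not code from the WP Database Reset plugin or its patch.
 * Two registrations of the same reset entry point: register_vulnerable()
 * reproduces the missing-authorization pattern behind CVE-2020-7047 and
 * CVE-2020-7048, register_hardened() gates it the way a fixed plugin should.
 * All names below (Example_DB_Reset, example_reset_tables, example-db-reset,
 * _example_reset_nonce) are assumptions for this illustration.
 */
class Example_DB_Reset {

    const FIELD        = 'example_reset_tables';  // assumed POST field holding table names
    const NONCE_ACTION = 'example-db-reset';      // assumed nonce action
    const NONCE_FIELD  = '_example_reset_nonce';  // assumed nonce field name

    /** Tables selected for reset, keyed by short name (mirrors the plugin's $selected). */
    private $selected = array();

    /**
     * Vulnerable pattern. admin_init fires for every request that loads the
     * admin bootstrap, including wp-admin/admin-ajax.php, which WordPress
     * serves to logged-out visitors as well. Anyone who can send a POST with
     * the field set triggers the reset, and without a nonce a logged-in
     * administrator can be made to trigger it from another site (CSRF).
     */
    public function register_vulnerable() {
        add_action( 'admin_init', function () {
            if ( isset( $_POST[ self::FIELD ] ) ) {
                $this->reset( (array) $_POST[ self::FIELD ] );
            }
        } );
    }

    /**
     * Hardened pattern. Authorization first: only users holding the
     * manage_options capability (administrators) may proceed, and the request
     * must carry a nonce issued for this action, which defeats CSRF. Both
     * checks run before any table name is looked at, and the table list is
     * restricted to tables WordPress knows for this site.
     */
    public function register_hardened() {
        add_action( 'admin_init', function () {
            if ( ! isset( $_POST[ self::FIELD ] ) ) {
                return;
            }
            if ( ! current_user_can( 'manage_options' ) ) {
                wp_die( 'You are not allowed to reset the database.', '', array( 'response' => 403 ) );
            }
            // check_admin_referer() calls wp_die() itself when the nonce is
            // missing, expired or issued for a different action.
            check_admin_referer( self::NONCE_ACTION, self::NONCE_FIELD );

            $tables = $this->sanitize_tables( (array) $_POST[ self::FIELD ] );
            if ( empty( $tables ) ) {
                wp_die( 'No valid table selected.', '', array( 'response' => 400 ) );
            }
            $this->reset( $tables );
        } );
    }

    /** Keep only names of tables WordPress registers for this site (e.g. 'users', 'posts'). */
    private function sanitize_tables( array $requested ) {
        global $wpdb;
        $known = $wpdb->tables( 'all' );  // short name => prefixed table name
        $clean = array();
        foreach ( $requested as $name ) {
            $name = sanitize_key( $name );
            if ( isset( $known[ $name ] ) ) {
                $clean[] = $name;
            }
        }
        return $clean;
    }

    /** Emit the nonce field inside the admin form; pairs with check_admin_referer() above. */
    public function render_nonce_field() {
        wp_nonce_field( self::NONCE_ACTION, self::NONCE_FIELD );
    }

    /**
     * Records the selection the same way the plugin's validate_selected() does.
     * In the real plugin this is where the backup / reinstall / restore steps
     * from the snippet above would follow.
     */
    private function reset( array $tables ) {
        $this->selected = array_flip( $tables );
    }

    public function get_selected() {
        return $this->selected;
    }
}
```

Wire it up from the plugin's main file with ( new Example_DB_Reset() )->register_hardened(); and call render_nonce_field() inside the form that submits example_reset_tables. The order of the checks matters: the capability test rejects logged-out and low-privileged callers (CVE-2020-7048 and CVE-2020-7047), and the nonce test rejects forged requests from an administrator's browser; validating the table list only after both is what keeps a reset of the users table out of reach of anyone but a real administrator acting on purpose.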

References:

Wordfence write-up
wpvulndb.com index entry for the vulnerability
Wordpress database reset plugin page