CVE-2020-36852
📋 TL;DR
This vulnerability in the WordPress Custom Searchable Data Entry System plugin allows unauthenticated attackers to completely wipe critical database tables, including wp_users. Any WordPress site running vulnerable plugin versions up to 1.7.1 is affected, potentially leading to complete site destruction.
💻 Affected Systems
- WordPress Custom Searchable Data Entry System plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site destruction with all user accounts, content, and configuration deleted, requiring full restoration from backups.
Likely Case
Critical database tables wiped, causing site outage and data loss requiring restoration.
If Mitigated
Attack blocked at WAF level or plugin disabled, no impact.
🎯 Exploit Status
Simple HTTP request to vulnerable endpoint with minimal technical skill required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.2 or later
Vendor Advisory: https://wordpress.org/plugins/custom-searchable-data-entry-system/#developers
Restart Required: No
Instructions:
1. Update plugin to version 1.7.2 or later via WordPress admin panel. 2. Verify update completed successfully. 3. Test plugin functionality.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Custom Searchable Data Entry System plugin
wp plugin deactivate custom-searchable-data-entry-system
WAF rule blocking
allBlock requests to vulnerable endpoint at web application firewall
Block POST requests to */wp-admin/admin-ajax.php with action=ghazale_sds_delete_entries_table_row
🧯 If You Can't Patch
- Immediately disable the plugin via WordPress admin or command line
- Implement strict WAF rules to block all requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for plugin version 1.7.1 or earlierCheck Version:
wp plugin get custom-searchable-data-entry-system --field=versionVerify Fix Applied:
Confirm plugin version is 1.7.2 or later in WordPress admin📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=ghazale_sds_delete_entries_table_row
- Database error logs showing table deletion
Network Indicators:
- HTTP POST requests to WordPress admin-ajax endpoint with specific action parameter
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="ghazale_sds_delete_entries_table_row"