CVE-2021-36908

Severity: 8.8 (HIGH)

📋 TL;DR

This CSRF vulnerability in WP Reset PRO plugin allows attackers to trick authenticated administrators into performing unintended actions, specifically resetting the WordPress database to default settings. It affects WordPress sites using WP Reset PRO plugin version 5.98 and earlier. The vulnerability requires an administrator to be logged in and visit a malicious page.

💻 Affected Systems

Products:
  • WebFactory Ltd. WP Reset PRO WordPress Plugin
Versions: <= 5.98
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress administrator to be authenticated and visit malicious page. WP Reset PRO is a premium plugin.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database reset leading to loss of all posts, pages, settings, and customizations, effectively destroying the WordPress site.

🟠 Likely Case

Partial or complete database reset causing significant data loss and site downtime requiring restoration from backups.

🟢 If Mitigated

No impact if proper CSRF protections are in place or if administrators don't visit malicious sites while logged in.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. Exploit requires social engineering to get administrator to visit malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.99

Vendor Advisory: https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Reset PRO and update to version 5.99 or later.
4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable WP Reset PRO Plugin (platform: all)

Temporarily disable the vulnerable plugin until it is patched:

wp plugin deactivate wp-reset-pro

Implement CSRF Protection Headers (platform: linux)

Add security headers to WordPress as defense in depth. Note that these headers only prevent the admin pages from being framed (clickjacking); they do not stop a top-level cross-site form POST, which is how this CSRF is triggered, so they reduce but do not remove the risk.

Add to .htaccess: Header set X-Frame-Options "SAMEORIGIN"
Add to .htaccess: Header set Content-Security-Policy "frame-ancestors 'self'"

🧯 If You Can't Patch

  • Restrict administrator access to trusted networks only
  • Implement strict browser security policies and educate administrators about CSRF risks

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WP Reset PRO version <= 5.98

Check Version:

wp plugin list --name=wp-reset-pro --field=version

Verify Fix Applied:

Verify WP Reset PRO plugin version is 5.99 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unexpected database reset operations
  • Multiple failed login attempts followed by plugin activation

Network Indicators:

  • POST requests to wp-admin/admin-post.php with reset parameters from unexpected sources

SIEM Query:

source="wordpress.log" AND "wp_reset" AND "database" AND "reset"
