CVE-2025-14168
CSRF in WP DB Booster Plugin Allows Database Record Deletion
Publication date: 2025-12-20
Last updated on: 2025-12-20
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpmaniax | wp_db_booster | 1.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the WP DB Booster WordPress plugin (up to version 1.0.1) is a Cross-Site Request Forgery (CSRF) issue caused by missing nonce validation on the cleanup_all AJAX action. This allows unauthenticated attackers to trick a site administrator into performing unwanted actions, such as deleting database records including post drafts, revisions, comments, and metadata, by sending a forged request that the admin unknowingly executes. [2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized deletion of important WordPress database records such as post drafts, revisions, comments, and metadata. An attacker can exploit this by tricking an administrator into clicking a malicious link, resulting in loss of data and potential disruption of website content and functionality. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a missing nonce validation on the cleanup_all AJAX action in the WP DB Booster plugin, which can be exploited via forged requests. Detection can focus on monitoring for suspicious AJAX requests to the cleanup_all action, especially those that trigger database cleanup without proper authentication. Since the plugin operates within WordPress admin AJAX endpoints, you can detect attempts by inspecting web server logs or using network monitoring tools to look for POST requests to admin-ajax.php with the action parameter set to cleanup_all. Example commands to detect such requests in web server logs (assuming Apache logs) include:
1. `grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'action=cleanup_all'`
2. Using tcpdump to capture HTTP POST requests to admin-ajax.php and filter for the cleanup_all action.
However, no explicit detection commands or scripts are provided in the resources. [1, 2]
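The grep above only works when the `action` parameter is in the query string; admin-ajax.php usually receives it in the POST body, which a standard access log does not record. The following is an added example (not from the advisory, the plugin or the cited resources) that scans Apache combined-format log lines for POST requests to admin-ajax.php carrying `action=cleanup_all` in the query string and flags the ones whose Referer is missing or points at a different host, which is the signal a cross-site forged request leaves behind. The hostname, log lines and function names are constructed for the demo.

```php
<?php
// Added example: detect cross-site cleanup_all requests in Apache combined-format logs.
// Caveat: only query-string "action=cleanup_all" is visible here; a body-only parameter
// needs request-body logging (e.g. a WAF or ModSecurity audit log) to be seen.
declare(strict_types=1);

const SITE_HOST = 'example.com'; // constructed: hostname of the protected WordPress site

// Combined log format: host ident user [time] "method path proto" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

function parse_log_line(string $line): ?array {
    if (!preg_match(LOG_RE, $line, $m)) {
        return null; // not a combined-format line; skip it
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'ua'      => $m[7],
    ];
}

// True when the entry is a POST to admin-ajax.php with action=cleanup_all in the query string.
function is_cleanup_all_request(array $entry): bool {
    if ($entry['method'] !== 'POST') {
        return false;
    }
    $parts = parse_url($entry['path']);
    if (!isset($parts['path']) || !str_ends_with($parts['path'], '/admin-ajax.php')) {
        return false;
    }
    parse_str($parts['query'] ?? '', $q);
    return ($q['action'] ?? '') === 'cleanup_all';
}

// A missing Referer, or one whose host is not the site itself, cannot be a request
// the admin triggered from the plugin's own settings page.
function referer_is_foreign(string $referer, string $site_host): bool {
    if ($referer === '' || $referer === '-') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return !is_string($host) || strcasecmp($host, $site_host) !== 0;
}

function find_suspicious(array $lines, string $site_host): array {
    $hits = [];
    foreach ($lines as $line) {
        $e = parse_log_line($line);
        if ($e === null || !is_cleanup_all_request($e)) {
            continue;
        }
        $e['foreign_referer'] = referer_is_foreign($e['referer'], $site_host);
        $hits[] = $e;
    }
    return $hits;
}

// Constructed sample log: one same-site cleanup, one cleanup with a foreign Referer,
// one with no Referer, and two unrelated requests that must not be flagged.
$sample_log = [
    '198.51.100.4 - - [20/Dec/2025:09:58:11 +0000] "POST /wp-admin/admin-ajax.php?action=cleanup_all HTTP/1.1" 200 52 "https://example.com/wp-admin/tools.php?page=wp-db-booster" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Dec/2025:10:15:02 +0000] "POST /wp-admin/admin-ajax.php?action=cleanup_all HTTP/1.1" 200 52 "https://third-party.invalid/page.html" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Dec/2025:10:16:40 +0000] "POST /wp-admin/admin-ajax.php?action=cleanup_all HTTP/1.1" 200 52 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [20/Dec/2025:10:17:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 41 "https://example.com/wp-admin/post.php" "Mozilla/5.0"',
    '198.51.100.4 - - [20/Dec/2025:10:17:05 +0000] "GET /wp-admin/admin-ajax.php?action=cleanup_all HTTP/1.1" 400 0 "https://example.com/wp-admin/" "Mozilla/5.0"',
];

foreach (find_suspicious($sample_log, SITE_HOST) as $hit) {
    printf("%s %-14s referer=%-60s %s\n",
        $hit['time'], $hit['ip'], $hit['referer'],
        $hit['foreign_referer'] ? 'FOREIGN-OR-MISSING' : 'same-site');
}
```

Run it with `php detect_cleanup_all.php` (or point `$sample_log` at `file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES)`). The two foreign-or-missing hits are the ones worth correlating with the plugin's own audit trail; the same-site hit is what a legitimate admin click looks like.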
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1. Update the WP DB Booster plugin to a version later than 1.0.1 if available, as versions up to and including 1.0.1 are vulnerable.
2. Restrict access to the WordPress admin area and AJAX endpoints to trusted users only, minimizing the risk of an attacker tricking an admin into clicking a malicious link.
3. Implement additional security measures such as Web Application Firewalls (WAF) to block suspicious requests targeting the cleanup_all AJAX action.
4. Monitor and audit admin actions and logs for unusual cleanup operations.
Since the vulnerability is due to missing nonce validation, ensuring that nonce checks are enforced in plugin code or disabling the plugin until a patch is available can also mitigate risk. The resources do not provide explicit mitigation commands but describe the plugin's cleanup actions and AJAX handling. [1, 2]
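To make "nonce checks are enforced in plugin code" concrete, here is an added example (not the WP DB Booster plugin's own code) showing the pattern the advisory describes, an admin-ajax handler with no nonce check, next to a hardened version that verifies a WordPress nonce and the caller's capability, plus the enqueue code that hands the nonce to the admin page's script. Only the AJAX action name `cleanup_all` comes from the advisory; the function names, the nonce action string `hypo_cleanup_all`, the script handle, the page hook and the cleanup body are hypothetical.

```php
<?php
/*
 * Added example, not the WP DB Booster plugin's code. Names prefixed "hypo_" are
 * hypothetical; only the AJAX action "cleanup_all" is taken from the advisory.
 */

// The destructive operation behind the action (constructed illustration):
// deletes auto-draft posts directly through $wpdb.
function hypo_run_cleanup(): int {
    global $wpdb;
    $deleted = $wpdb->delete($wpdb->posts, ['post_status' => 'auto-draft']);
    return $deleted === false ? 0 : (int) $deleted;
}

// --- Vulnerable pattern: the handler trusts any request that reaches admin-ajax.php.
// An administrator's browser attaches the login cookie to a request that a third-party
// page submits, so the cleanup runs without the admin having chosen it. This is the
// shape of the defect the advisory describes; it is deliberately NOT registered below.
function hypo_cleanup_all_vulnerable(): void {
    $deleted = hypo_run_cleanup();
    wp_send_json_success(['deleted' => $deleted]);
}
// add_action('wp_ajax_cleanup_all', 'hypo_cleanup_all_vulnerable');

// --- Hardened handler: a nonce proves the request came from a page WordPress served
// to this user for this purpose; the capability check proves the user may do it.
function hypo_cleanup_all_hardened(): void {
    // Reads the 'nonce' request field and terminates with a -1 / 403 response
    // unless it was created for action 'hypo_cleanup_all' for the current user.
    check_ajax_referer('hypo_cleanup_all', 'nonce');

    // Defense in depth: a valid nonce proves intent, not authority.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('Insufficient permissions', 403);
    }

    $deleted = hypo_run_cleanup();
    wp_send_json_success(['deleted' => $deleted]);
}
add_action('wp_ajax_cleanup_all', 'hypo_cleanup_all_hardened');

// --- Hand the nonce to the plugin's admin script so legitimate requests carry it.
function hypo_enqueue_admin_script(string $hook): void {
    if ($hook !== 'tools_page_hypo-db-booster') { // hypothetical settings page hook
        return;
    }
    wp_enqueue_script('hypo-db-booster', plugins_url('admin.js', __FILE__), ['jquery'], '1.0', true);
    wp_localize_script('hypo-db-booster', 'hypoDbBooster', [
        'ajaxUrl' => admin_url('admin-ajax.php'),
        'nonce'   => wp_create_nonce('hypo_cleanup_all'),
    ]);
}
add_action('admin_enqueue_scripts', 'hypo_enqueue_admin_script');

// admin.js then posts { action: 'cleanup_all', nonce: hypoDbBooster.nonce } to
// hypoDbBooster.ajaxUrl; a request forged from another origin has no way to learn
// the nonce, so check_ajax_referer() rejects it before hypo_run_cleanup() runs.
```

The nonce alone closes the CSRF; the `current_user_can()` check is there because a nonce is issued to any logged-in user who can load the page, and the cleanup should not be available to a subscriber-level account that somehow reaches the endpoint.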