Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in the database. The two vulnerabilities tracked as CVE-2020-7048 and High severity, were patched with the release of WP Database Reset 3.15, a week after the initial disclosure from WordFence. Over 8,300 users have already updated their installations, with more than 71,000 still having to secure their websites from potential attacks.
Source: https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-let-hackers-wipe-or-takeover-your-site/