
119 matches found

wpexploit
added 2022/06/27 12:0 a.m. | 124 views

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=cron&aDBccat=all&"alert/XSS/ Other pages are affected...

CVSS: 6.1 | AI score: 0.3 | EPSS: 0.00643
Exploits: 2

WPVulnDB
added 2022/06/27 12:0 a.m. | 20 views

Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/admin.php?page=advanceddbcleanertab=croncat=all&" Other pages are affected...

CVSS: 6.1 | AI score: 0.7 | EPSS: 0.00643
Exploits: 2 | Affected Software: 1

CNVD
added 2022/02/23 12:0 a.m. | 25 views

WordPress Plugin Advanced Database Cleaner Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Advanced Database Cleaner prior to version...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00788
Exploits: 2 | References: 1

NVD
added 2022/02/21 11:15 a.m. | 11 views

CVE-2021-24921

The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVSS: 6.1 | EPSS: 0.00788
Exploits: 2 | References: 1

Prion
added 2022/02/21 11:15 a.m. | 24 views

Cross site scripting

The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00788
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2022/02/21 12:0 a.m. | 3 views

WordPress plugin Advanced Database Cleaner Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Advanced Database Cleaner prior to version...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00788
Exploits: 2 | References: 3

Patchstack
added 2022/01/24 12:0 a.m. | 13 views

WordPress Advanced Database Cleaner plugin <= 3.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Advanced Database Cleaner plugin versions <= 3.0.3. Solution: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.0.4)...

CVSS: 6.1 | AI score: 2.2 | EPSS: 0.00788
Exploits: 2 | References: 3 | Affected Software: 1

wpexploit
added 2022/01/24 12:0 a.m. | 116 views

Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. https://example.com/wp-admin/admin.php?page=advanceddbcleaner&aDBctab=options&aDBccat=all&'alert/XSS-key/=alert/XSS-value/...

CVSS: 6.1 | AI score: 0.7 | EPSS: 0.00788
Exploits: 2

WPVulnDB
added 2022/01/24 12:0 a.m. | 17 views

Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. PoC: https://example.com/wp-admin/admin.php?page=advanceddbcleanertab=optionscat=all&'=...

CVSS: 6.1 | AI score: 0.5 | EPSS: 0.00788
Exploits: 2 | Affected Software: 1

CNVD
added 2021/03/19 12:0 a.m. | 9 views

WordPress Advanced Database Cleaner plugin SQL Injection Vulnerability

WordPress Advanced Database Cleaner is an application plugin for WordPress. The plugin is used to clean up the database by removing isolated items such as old revisions and spam comments, optimizing the database, etc. A SQL injection vulnerability exists in versions of the Advanced Database Cleaner...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.01205
Exploits: 1 | References: 1

OSV
added 2021/03/18 3:15 p.m. | 2 views

CVE-2021-24141

Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.01205
Exploits: 1 | References: 1

NVD
added 2021/03/18 3:15 p.m. | 11 views

CVE-2021-24141

Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks...

CVSS: 7.2 | EPSS: 0.01205
Exploits: 1 | References: 1

Prion
added 2021/03/18 3:15 p.m. | 16 views

SQL injection

Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.01205
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/03/18 2:57 p.m. | 41 views

CVE-2021-24141

The WordPress plugin Advanced Database Cleaner (vulnerable up to 3.0.1) is affected by an unvalidated-input SQL injection. The issue allows authenticated high-privilege users (admin+) to perform SQL attacks and potentially exfiltrate data. Root cause: insufficient input validation in the plugin’s...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.01205
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/18 2:57 p.m. | 11 views

CVE-2021-24141 Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection

Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks...

AI score: 7.4 | EPSS: 0.01205
Exploits: 1 | References: 1

CNNVD
added 2021/03/18 12:0 a.m. | 3 views

WordPress Advanced Database Cleaner SQL Injection Vulnerability

WordPress Advanced Database Cleaner is an application plugin for WordPress. The plugin is used to clean up the database by removing isolated items such as old revisions and spam comments, optimizing the database, etc. A SQL injection vulnerability exists in versions of the Advanced Database Cleaner...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.01205
Exploits: 1 | References: 2

WPVulnDB
added 2020/09/06 12:0 a.m. | 16 views

Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection

The plugin did not properly sanitise user input, allowing high privilege users (admin+) to perform SQL injection attacks. PoC: https://drive.google.com/file/d/1ljyMPfcwLXP2VS8lbAKNR9SzNfX1sm3W/view?usp=sharing...

AI score: 3 | EPSS: 0.01205
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2020/09/06 12:0 a.m. | 13 views

WordPress Advanced Database Cleaner plugin <= 3.0.1 - Authenticated SQL injection (SQLi) vulnerability

Authenticated SQL injection (SQLi) vulnerability found by Nguyen Van Khanh SunCSR in WordPress Advanced Database Cleaner plugin versions <= 3.0.1. Solution: Update the WordPress Advanced Database Cleaner plugin to the latest available version (at least 3.0.2)...

AI score: 3.3
Exploits: 0 | References: 1 | Affected Software: 1

wpexploit
added 2020/09/06 12:0 a.m. | 835 views

Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection

The plugin did not properly sanitise user input, allowing high privilege users (admin+) to perform SQL injection attacks. https://drive.google.com/file/d/1ljyMPfcwLXP2VS8lbAKNR9SzNfX1sm3W/view?usp=sharing...

AI score: 3.8 | EPSS: 0.01205
Exploits: 1 | References: 1