CVE-2022-46813

Cross-Site Request Forgery CSRF vulnerability in Younes JFR. Advanced Database Cleaner plugin = 3.1.1 versions...

CVE-2022-2173

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting...

CVE-2021-24921

The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2021-24141

Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users admin+ to perform SQL attacks...

WordPress Advanced Database Cleaner Plugin < 3.1.4 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sigmaplugin:advanceddatabasecleaner"; ifdescription...

Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read

Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the getlogs function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,...

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5...

CVE-2024-35712

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5...

CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5...

CVE-2024-35712

CVE-2024-35712 affects Jordy Meow Database Cleaner (WordPress) up to v1.0.5. Root cause: improper limitation of a pathname to a restricted directory, enabling relative path traversal. Impact: potential confidentiality exposure (C:H) per CVSS. Exploit details not provided in connected docs; fix/ve...

CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5...

WordPress plugin Database Cleaner path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability

Arbitrary File Read vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Database Cleaner versions = 1.0.5...

WordPress Database Cleaner Plugin <= 1.0.5 is vulnerable to Directory Traversal

Software Database Cleaner Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.6 OWASP Top 10 A5: Security Misconfiguration Classification Directory Traversal CVE CVE-2024-35712 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 5bd9ebec1e34 Credits Ananda Dhakal Patchstack...

WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-0668 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID ae822ac39b98 Credits Richard Telleng stueotue Required...

CVE-2024-0668

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

Deserialization of untrusted data

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

CVE-2024-0668

CVE-2024-0668 affects the WordPress plugin “Advanced Database Cleaner” (≤ v3.1.3). The root cause is PHP Object Injection via deserialization in the process_bulk_action function, exploitable by an authenticated attacker with administrator-level access (no user interaction required). Potential imp...

CVE-2024-0668 Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

PT-2024-15733 · WordPress · Advanced Database Cleaner

Name of the Vulnerable Software and Affected Versions: Advanced Database Cleaner plugin for WordPress versions up to, and including, 3.1.3 Description: The issue allows an authenticated attacker with administrator access and above to inject a PHP Object via deserialization of untrusted input in t...