Lucene search
K

4 matches found

patchstack
patchstack
added 2024/02/06 12:0 a.m.10 views

WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection

Software Advanced Database Cleaner Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.1.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-0668 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID ae822ac39b98 Credits Richard Telleng stueotue Required...

7.2CVSS6.8AI score0.01139EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/02/05 10:16 p.m.20 views

CVE-2024-0668

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

7.2CVSS6.7AI score0.01139EPSS
Exploits0References4
cve
cve
added 2024/02/05 9:22 p.m.56 views

CVE-2024-0668

CVE-2024-0668 affects the WordPress plugin “Advanced Database Cleaner” (≤ v3.1.3). The root cause is PHP Object Injection via deserialization in the process_bulk_action function, exploitable by an authenticated attacker with administrator-level access (no user interaction required). Potential imp...

7.2CVSS7.6AI score0.01139EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2024/02/05 9:22 p.m.29 views

CVE-2024-0668 Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

6.6CVSS7.3AI score0.01139EPSS
Exploits0References4
Rows per page
Query Builder