6 matches found
CVE-2021-24921
The CVE-2021-24921 entry relates to the WordPress plugin Advanced Database Cleaner (before version 3.0.4). The underlying issue is that the plugin does not sanitize/escape $_GET keys and values before echoing them into attributes, enabling Reflected Cross-Site Scripting (XSS). Affected software: ...
CVE-2022-2173
CVE-2022-2173 concerns the WordPress plugin Advanced Database Cleaner prior to version 3.1.1 . The vulnerability arises because the plugin does not escape numerous generated URLs before outputting them into href attributes on admin dashboard pages, enabling a Reflected Cross‑Site Scripting (XSS) ...
CVE-2023-49764
CVE-2023-49764 affects the WordPress plugin Advanced Database Cleaner (
CVE-2024-0668
CVE-2024-0668 affects the WordPress plugin “Advanced Database Cleaner” (≤ v3.1.3). The root cause is PHP Object Injection via deserialization in the process_bulk_action function, exploitable by an authenticated attacker with administrator-level access (no user interaction required). Potential imp...
CVE-2021-24141
The WordPress plugin Advanced Database Cleaner (vulnerable up to 3.0.1) is affected by an unvalidated-input SQL injection. The issue allows authenticated high-privilege users (admin+) to perform SQL attacks and potentially exfiltrate data. Root cause: insufficient input validation in the plugin’s...
CVE-2022-46813
CVE-2022-46813 affects the WordPress plugin Advanced Database Cleaner (versions