3 matches found
CVE-2021-24921
The CVE-2021-24921 entry relates to the WordPress plugin Advanced Database Cleaner (before version 3.0.4). The underlying issue is that the plugin does not sanitize/escape $_GET keys and values before echoing them into attributes, enabling Reflected Cross-Site Scripting (XSS). Affected software: ...
CVE-2022-2173
CVE-2022-2173 concerns the WordPress plugin Advanced Database Cleaner prior to version 3.1.1 . The vulnerability arises because the plugin does not escape numerous generated URLs before outputting them into href attributes on admin dashboard pages, enabling a Reflected Cross‑Site Scripting (XSS) ...
CVE-2021-24141
The WordPress plugin Advanced Database Cleaner (vulnerable up to 3.0.1) is affected by an unvalidated-input SQL injection. The issue allows authenticated high-privilege users (admin+) to perform SQL attacks and potentially exfiltrate data. Root cause: insufficient input validation in the plugin’s...