Sigmaplugin Advanced Database Cleaner vulnerabilities

6 known vulnerabilities affecting sigmaplugin/advanced_database_cleaner.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2024-0668 | HIGH | CVSS 7.2 | ≤ 3.1.3 | 2024-02-05
CVE-2024-0668 [MEDIUM] CWE-502: The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the
Source: NVD
CVE-2023-49764 | HIGH | CVSS 7.2 | ≤ 3.1.2 | 2023-12-19
CVE-2023-49764 [HIGH] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2.
Source: NVD
CVE-2022-46813 | HIGH | CVSS 8.8 | ≤ 3.1.1 | 2023-05-23
CVE-2022-46813 [MEDIUM] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions.
Source: NVD
CVE-2022-2173 | MEDIUM | CVSS 6.1 | fixed in 3.1.1 | 2022-07-17
CVE-2022-2173 [MEDIUM] CWE-79: The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
Source: NVD
CVE-2021-24921 | MEDIUM | CVSS 6.1 | fixed in 3.0.4 | 2022-02-21
CVE-2021-24921 [MEDIUM] CWE-79: The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Source: NVD
CVE-2021-24141 | HIGH | CVSS 7.2 | fixed in 3.0.2 | 2021-03-18
CVE-2021-24141 [HIGH] CWE-89: Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks.
Source: NVD