Unknown Advanced Database Cleaner vulnerabilities
3 known vulnerabilities affecting unknown/advanced_database_cleaner.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-2173MEDIUMCVSS 6.1≥ 3.1.1, < 3.1.12022-07-17
CVE-2022-2173 [MEDIUM] CWE-79 CVE-2022-2173: The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs
The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
cvelistv5nvd
CVE-2021-24921MEDIUMCVSS 6.1≥ 3.0.4, < 3.0.42022-02-21
CVE-2021-24921 [MEDIUM] CWE-79 CVE-2021-24921: The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
cvelistv5nvd
CVE-2021-24141HIGHCVSS 7.2≥ 3.0.2, < 3.0.22021-03-18
CVE-2021-24141 [HIGH] CWE-89 CVE-2021-24141: Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL inject
Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks.
cvelistv5nvd