Vulnerabilities for 'Advanced database cleaner'

2022-07-17
 
CVE-2022-2173

CWE-79
 

 
The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting.

 
2022-02-21
 
CVE-2021-24921

CWE-79
 

 
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.

 
2021-03-18
 
CVE-2021-24141

CWE-89
 

 
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks.

 


Copyright 2022, cxsecurity.com

 
