CVE-2024-0668
- EPSS 0.53%
- Veröffentlicht 05.02.2024 22:16:03
- Zuletzt bearbeitet 21.11.2024 08:47:06
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticate...
CVE-2023-49764
- EPSS 0.14%
- Veröffentlicht 19.12.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 08:33:47
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2.
CVE-2022-46813
- EPSS 0.07%
- Veröffentlicht 23.05.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 07:31:05
Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions.
CVE-2022-2173
- EPSS 0.21%
- Veröffentlicht 17.07.2022 11:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:28
The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
CVE-2021-24921
- EPSS 0.21%
- Veröffentlicht 21.02.2022 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:00
The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVE-2021-24141
- EPSS 0.53%
- Veröffentlicht 18.03.2021 15:15:15
- Zuletzt bearbeitet 21.11.2024 05:52:27
Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks.