CVE-2024-35712 – WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2024-35712
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5. La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Jordy Meow Database Cleaner permite el Relative Path Traversal. Este problema afecta a Database Cleaner: desde n/a hasta 1.0.5. The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the get_logs() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-clean-optimize-repair-plugin-1-0-5-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-51508 – WordPress Database Cleaner Plugin <= 0.9.8 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-51508
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Jordy Meow Database Cleaner: Limpiar, optimizar y reparar. Este problema afecta a Database Cleaner: Limpiar, optimizar y reparar: desde n/a hasta 0.9.8. The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.8 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including system and plugin configuration. • https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-plugin-0-9-8-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •