CVE-2024-0668 – Advanced Database Cleaner <= 3.1.3 - Authenticated (Administrator+) PHP Object Injection via process_bulk_action
https://notcve.org/view.php?id=CVE-2024-0668
24 Jan 2024 — The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary... • https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224 • CWE-502: Deserialization of Untrusted Data •
CVE-2023-49764 – WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-49764
04 Dec 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner. This issue affects Advanced Database Cleaner: from n/a through 3.1.2. • https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-46813 – WordPress Advanced Database Cleaner Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46813
21 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the aDBc_save_settings_callback function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an ... • https://patchstack.com/database/vulnerability/advanced-database-cleaner/wordpress-advanced-database-cleaner-plugin-3-1-1-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2173 – Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2173
27 Jun 2022 — The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/86bfe0cc-a579-43d6-a26b-6e06000251f6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24921 – Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24921
24 Jan 2022 — The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. • https://wpscan.com/vulnerability/43ab0997-4d15-4ff7-af41-7b528b0ba3c7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24141 – Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection
https://notcve.org/view.php?id=CVE-2021-24141
06 Sep 2020 — Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks. • https://wpscan.com/vulnerability/5c8adca0-fe19-4624-81ef-465b8d007f93 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •