Filtered by vendor Sigmaplugin
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49764 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-09-03 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | ||||
| CVE-2021-24921 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-08-03 | 6.1 Medium |
| The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | ||||
| CVE-2021-24141 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-08-03 | 7.2 High |
| Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks. | ||||
| CVE-2022-46813 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-08-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | ||||
| CVE-2022-2181 | 1 Sigmaplugin | 1 Advanced Wordpress Reset | 2024-08-03 | 6.1 Medium |
| The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2173 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-08-03 | 6.1 Medium |
| The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | ||||
| CVE-2024-0668 | 1 Sigmaplugin | 1 Advanced Database Cleaner | 2024-08-01 | 6.6 Medium |
| The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
Page 1 of 1.