cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0668,https://securityvulnerability.io/vulnerability/CVE-2024-0668,Advanced Database Cleaner Plugin Vulnerable to PHP Object Injection,"The Advanced Database Cleaner plugin for WordPress is susceptible to PHP Object Injection in all versions up to and including 3.1.3. This vulnerability arises from the unsafe deserialization of untrusted input within the 'process_bulk_action' function, allowing authenticated users with admin-level access to potentially inject a PHP object. While the plugin itself does not establish a property-oriented programming (POP) chain, the presence of such a chain through additional plugins or themes can lead to significant security risks. Attackers could manipulate this flaw to delete arbitrary files, access sensitive data, or execute unauthorized code within the affected WordPress site.",Wordpress,Advanced Database Cleaner,7.2,HIGH,0.0007300000288523734,false,,false,false,false,,false,false,2024-02-05T21:22:03.271Z,0
CVE-2022-2173,https://securityvulnerability.io/vulnerability/CVE-2022-2173,Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting,"The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting",Wordpress,Advanced Database Cleaner,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-07-17T10:36:59.000Z,0
CVE-2021-24921,https://securityvulnerability.io/vulnerability/CVE-2021-24921,Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting,"The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues",Wordpress,Advanced Database Cleaner,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-02-21T10:45:41.000Z,0