Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-10-27

CVE-2025-11497 - Advanced Database Cleaner Plugin

The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBc_prepare_elements_to_clean() function. This makes it possible for unauthenticated attackers to alter the keep last setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Advanced Database Cleaner

CVE-2025-11497

MEDIUM CVSS 4.3 2025-10-25
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-0668 - Advanced Database Cleaner Plugin

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

PLUGIN Advanced Database Cleaner

CVE-2024-0668

MEDIUM CVSS 6.6 2024-02-05
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2173 - Advanced Database Cleaner Plugin

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting

PLUGIN Advanced Database Cleaner

CVE-2022-2173

MEDIUM CVSS 6.1 2022-07-17
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24921 - Advanced Database Cleaner Plugin

The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

PLUGIN Advanced Database Cleaner

CVE-2021-24921

MEDIUM CVSS 6.1 2022-02-21
Open Full Technical Breakdown
Scroll to top