Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting
CVE-2022-2173

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Advanced Database Cleaner
Vendor
CVE Published:
17 July 2022

Summary

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting

Affected Version(s)

Advanced Database Cleaner 3.1.1

References

https://wpscan.com/vulnerability/86bfe0cc-a579-43d6-a26b-...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZhongFu Su(JrXnm) of WuHan University
.