WordPress Advanced Database Cleaner Plugin <= 3.1.2 is vulnerable to SQL Injection
CVE-2023-49764

7.6HIGH

Key Information:

Vendor: WordPress
Status: Advanced Database Cleaner
Vendor: CVE Published:; 19 December 2023

What is CVE-2023-49764?

An SQL Injection vulnerability exists in the Advanced Database Cleaner plugin by Younes JFR, which allows attackers to manipulate SQL queries. This flaw enables unauthorized access to sensitive data and could lead to further exploits if not addressed promptly. All versions of the plugin from n/a to 3.1.2 are affected, highlighting the importance of applying security patches and updates to mitigate potential risks.

Affected Version(s)

Advanced Database Cleaner <= 3.1.2

References

https://patchstack.com/database/vulnerability/advanced-da...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2023
Vulnerability Reserved
Nov 30, 2023

Credit

Mika (Patchstack Alliance)