Advanced Database Cleaner <= 3.1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2022-06-26

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting

CVE

https://www.cve.org/CVERecord?id=CVE-2022-2173

CVSS

Score:4.8

Severity:Medium

Version: 3.1.0

There is a patch available in v3.1.1 and we strongly recommend you update to this version as soon as possible.