汇总 sigmaplugin 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 SQL 注入与CSRF 等问题,部分漏洞可能导致 数据泄露,并影响 生产负载与软件部署 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-0668 | The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to dele | [email protected] | 6.6 | 0.53% | 2024-02-05 | 2026-04-08 |
| CVE-2023-49764 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2. | [email protected] | 7.6 | 0.14% | 2023-12-19 | 2026-04-28 |
| CVE-2022-46813 | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | [email protected] | 4.3 | 0.15% | 2023-05-23 | 2024-11-21 |
| CVE-2022-2181 | The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | [email protected] | 6.1 | 0.20% | 2022-08-01 | 2024-11-21 |
| CVE-2022-2173 | The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | [email protected] | 6.1 | 0.20% | 2022-07-17 | 2024-11-21 |
| CVE-2021-24921 | The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | [email protected] | 6.1 | 0.20% | 2022-02-21 | 2024-11-21 |
| CVE-2021-24141 | Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks. | [email protected] | 7.2 | 0.53% | 2021-03-18 | 2024-11-21 |