WordPress Plugin Vulnerabilities

Advanced Database Cleaner <= 3.1.1 - Settings Update via CSRF

Description

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged-in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
advanced-database-cleaner
Fixed in 3.1.2

References

CVE
CVE-2022-46813

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
ce27d56d-559f-40d7-bd9d-adefe8f5fca8

Timeline

Publicly Published
2023-02-21 (about 3 years ago)
Added
2023-05-23 (about 2 years ago)
Last Updated
2023-05-23 (about 2 years ago)

Other

Published
Title
Published
2025-06-05
Title
Print Invoice & Delivery Notes for WooCommerce < 5.6.0 - Cross-Site Request Forgery
Published
2025-04-24
Title
Unsafe Mimetypes <= 0.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-02-26
Title
Comments Extra Fields For Post,Pages and CPT < 5.1 - Cross-Site Request Forgery
Published
2023-08-21
Title
Lock User Account < 1.0.4 - Arbitrary Account Lock/Unlock via CSRF
Published
2025-03-11
Title
ZipList Recipe <= 3.1 - Cross-Site Request Forgery