CVE-2021-24921

Summary

The Advanced Database Cleaner WordPress plugin before 3.0.4 does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

Affected Software

VendorProductVersion RangeStatus
UnknownAdvanced Database Cleaner3.0.4 < 3.0.4affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References