CVE-2022-2173

CVE-2022-2173: Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting

Vendor Unknown

Product Advanced Database Cleaner

Weakness CWE-79 · XSS

Published July 17, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

July 17, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2173 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-43218 WordPress Mediavine Control Panel plugin <= 2.10.4 - Cross Site Scripting (XSS) vulnerability CVE-2020-16206 CVE-2022-36097 XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form CVE-2025-36042 IBM QRadar SIEM cross-site scripting CVE-2025-57993 WordPress Geolocation IP Detection plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability