Primary

Context

Advanced Database Cleaner Premium Local File Inclusion Vulnerability

Vulnerability

Patched

A local file inclusion vulnerability has been identified in the Advanced Database Cleaner - Premium plugin for WordPress, affecting versions through 4.1.0. The vulnerability arises from improper handling of the 'template' parameter, allowing authenticated attackers with Subscriber-level access or higher to include and execute arbitrary PHP files on the server. This exploitation could lead to bypassing access controls, accessing sensitive data, or executing code in scenarios where PHP files can be uploaded and included.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data, execution of malicious PHP code on the server, and potential bypassing of access controls.

Remediation

Users are advised to update the Advanced Database Cleaner - Premium plugin to version 4.1.1 or a newer patched version.

Added: May 20, 2026, 5:18 AM

Updated: May 20, 2026, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

5.4

remediation

7.7

relevance

8.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

5.4

remediation

7.7

relevance

8.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Advanced Database Cleaner Premium Local File Inclusion Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SigmaPlugin Advanced Database Cleaner

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating