Skip to main content

Adrotate

6 CVEs product

Monthly

CVE-2022-0662 MEDIUM POC This Month

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Adrotate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0649 MEDIUM POC This Month

The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Adrotate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0267 HIGH POC This Week

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Adrotate
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-24138 MEDIUM POC This Month

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Adrotate
NVD WPScan
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-13570 HIGH This Week

The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Adrotate
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2014-1854 HIGH POC This Week

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Adrotate
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
9.9%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Adrotate
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Adrotate
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Adrotate
NVD WPScan
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Adrotate
NVD WPScan
EPSS 2% CVSS 7.2
HIGH This Week

The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Adrotate
NVD
EPSS 10% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy