VYPR

Adrotate

by WordPress

CVEs (9)

  • CVE-2022-1206 | High | Aug 20, 2024
    risk 0.40 | cvss 7.2 | epss 0.01

    The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible…

  • CVE-2014-1854 | Feb 27, 2014
    risk 0.03 | cvss | epss 0.05

    SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

  • CVE-2011-4671 | Dec 2, 2011
    risk 0.03 | cvss | epss 0.03

    SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

  • CVE-2022-26366 | Nov 30, 2022
    risk 0.00 | cvss | epss 0.00

    Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.

  • CVE-2022-0662 | May 2, 2022
    risk 0.00 | cvss | epss 0.01

    The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2022-0649 | May 2, 2022
    risk 0.00 | cvss | epss 0.01

    The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2022-0267 | Mar 7, 2022
    risk 0.00 | cvss | epss 0.01

    The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection.

  • CVE-2021-24138 | Mar 18, 2021
    risk 0.00 | cvss | epss 0.01

    Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.

  • CVE-2019-13570 | Jul 23, 2019
    risk 0.00 | cvss | epss 0.01

    The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.