2 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress. Cross-Site Request Forgery (CSRF) en el complemento AdRotate Banner Manager &lt;= 5.9 en WordPress. The AdRotate Banner Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.9. This is due to missing or incorrect nonce validation on the adrotate_options() function. This makes it possible for unauthenticated attackers to invoke these functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/adrotate/wordpress-adrotate-banner-manager-plugin-5-9-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection El plugin AdRotate de WordPress versiones anteriores a 5.8.22, no sanea y escapa de la acción adrotate_action antes de usarla en una sentencia SQL por medio de la función adrotate_request_action disponible para administradores, conllevando a una inyección SQL • https://wpscan.com/vulnerability/7df70f49-547f-4bdb-bf9b-2e06f93488c6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •