
CVE-2022-0662 – Adrotate < 5.8.23 - Admin+ XSS via Advert Name
https://notcve.org/view.php?id=CVE-2022-0662
11 Apr 2022 — The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
• https://wpscan.com/vulnerability/27ad58ba-b648-41d9-8074-16e4feeaee69
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0649 – Adrotate < 5.8.23 - Admin+ XSS via Group Name
https://notcve.org/view.php?id=CVE-2022-0649
11 Apr 2022 — The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
• https://wpscan.com/vulnerability/284fbc98-803d-4da5-8920-411eeae4bac8
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0267 – AdRotate < 5.8.22 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-0267
07 Feb 2022 — The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action parameter before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection.
• https://wpscan.com/vulnerability/7df70f49-547f-4bdb-bf9b-2e06f93488c6
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-24138 – AdRotate < 5.8.4 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24138
03 Jun 2020 — Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to authenticated SQL injection via the "id" parameter. This requires an admin privileged user.
• https://wpscan.com/vulnerability/aafac655-3616-4b27-9d0f-1cbc2faf0151
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-13570 – AdRotate – Ad manager & AdSense Ads <= 5.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2019-13570
11 Jul 2019 — The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
• https://ajdg.solutions/2019/07/11/adrotate-pro-5-3-important-update-for-security-and-ads-txt
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-1854 – AdRotate – Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-1854
21 Feb 2014 — SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and the AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. The Ad manager & AdSense Ads...
• https://packetstorm.news/files/id/125330
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')