WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in versions of the WordPress AdRotate Plugin prior to 5.8.22. The vulnerability stems from the plugin’s failure to clean up and escape the adrotate_action parameter before using it in an SQL statement, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress adrotate plugin | lt | 5.8.22 |