Lucene search

K
cvelistWPScanCVELIST:CVE-2022-0267
HistoryMar 07, 2022 - 8:16 a.m.

CVE-2022-0267 AdRotate < 5.8.22 - Admin+ SQL Injection

2022-03-0708:16:24
CWE-89
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

37.7%

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection

CNA Affected

[
  {
    "product": "AdRotate – Ad manager & AdSense Ads",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.8.22",
        "status": "affected",
        "version": "5.8.22",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

37.7%

Related for CVELIST:CVE-2022-0267