Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on...
CVSS: 8.8, AI Score: 8.9, EPSS: 0.001
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS: 4.8, AI Score: 4.7, EPSS: 0.001
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS: 4.8, AI Score: 4.7, EPSS: 0.001
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL...
CVSS: 7.2, AI Score: 7.2, EPSS: 0.001
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged...
CVSS: 5.5, AI Score: 5.9, EPSS: 0.001
CVSS: 7.2, AI Score: 7.3, EPSS: 0.001
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track...
AI Score: 8.3, EPSS: 0.009
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect...
AI Score: 8.7, EPSS: 0.001