Lucene search
K

131 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.9 views

CVE-2026-12242

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS0.00467EPSS
Exploits0References11
CVE
CVE
added 2026/06/24 12:33 p.m.20 views

CVE-2026-12242

CVE-2026-12242 affects the WordPress AdRotate Banner Manager plugin up to version 5.17.7. The vulnerability is PHP Code Injection via the banner attribute of the adrotate shortcode, caused by insufficient validation and sanitization before concatenation into a PHP code string wrapped in W3 Total ...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/24 12:33 p.m.10 views

EUVD-2026-38758

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/24 12:33 p.m.6 views

CVE-2026-12242

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/06/24 12:29 p.m.9 views

WordPress AdRotate Banner Manager plugin <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection vulnerability

Authenticated Contributor+ PHP Code Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin AdRotate Banner Manager versions = 5.17.7...

8.8CVSS5.9AI score0.00467EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.3 views

CVE-2022-0267

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection...

7.2CVSS7.5AI score0.01255EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.6 views

CVE-2022-0649

The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00577EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.7 views

CVE-2022-0662

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00577EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11052

Malware in sbrugna...

5.5CVSS5.5AI score0.01231EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-4589

Malware in sbrugna...

7.5CVSS6.4AI score0.03066EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5025

Malware in sbrugna...

7.2CVSS7AI score0.01502EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2001-1205

Malware in sbrugna...

7.5CVSS6.4AI score0.0211EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-15743

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.00577EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-30925

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-15448

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.01255EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-15754

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.00577EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.5 views

CVE-2021-24138

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user...

5.5CVSS7.7AI score0.01231EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:8 p.m.8 views

CVE-2022-1206

The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotateinsertmedia function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...

7.2CVSS7.7AI score0.00966EPSS
Exploits0References1
NVD
NVD
added 2024/08/20 4:15 a.m.33 views

CVE-2022-1206

The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotateinsertmedia function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...

7.2CVSS0.00966EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/20 3:21 a.m.14 views

CVE-2022-1206 AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload

The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotateinsertmedia function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...

7.2CVSS7.3AI score0.00966EPSS
Exploits0References3
Rows per page
Query Builder