123 matches found
CVE-2022-0267
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection...
CVE-2022-0649
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0662
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
EUVD-2001-1205
Malware in sbrugna...
EUVD-2021-11052
Malware in sbrugna...
EUVD-2011-4589
Malware in sbrugna...
EUVD-2019-5025
Malware in sbrugna...
EUVD-2022-15754
Malicious code in bioql PyPI...
EUVD-2022-15448
Malicious code in bioql PyPI...
EUVD-2022-30925
Malicious code in bioql PyPI...
EUVD-2022-15743
Malicious code in bioql PyPI...
CVE-2021-24138
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user...
CVE-2022-1206
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...
CVE-2022-1206 AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...
CVE-2022-1206
CVE-2022-1206 concerns the WordPress plugin AdRotate Banner Manager. The vulnerability is an arbitrary file upload caused by missing file extension sanitization in the adrotate_insert_media() function, affecting all versions up to and including 5.13.2. It requires authenticated access at administ...
WordPress AdRotate plugin <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload vulnerability
Authenticated Admin+ Double Extension Arbitrary File Upload vulnerability discovered by Jorgson in WordPress Plugin AdRotate versions <= 5.13.2...
WordPress AdRotate Plugin <= 5.13.2 is vulnerable to Arbitrary File Upload
Software: AdRotate; Type: Plugin; Vulnerable versions: <= 5.13.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2022-1206; Patch priority: Low; CVSS severity: Low 7.2; PSID: f703ac87a2d0; Credits: Jorgson; Required privilege: Administrator; Published...
PT-2024-11506 · WordPress · Adrotate Banner Manager
Name of the Vulnerable Software and Affected Versions: The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress versions up to, and including, 5.13.2 Description: The issue is related to arbitrary file uploads due to missing file extension sanitization in the adrotate...