cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-1206,https://securityvulnerability.io/vulnerability/CVE-2022-1206,AdRotate Banner Manager Vulnerable to Arbitrary File Uploads,"The AdRotate Banner Manager plugin for WordPress contains a vulnerability stemming from inadequate file extension sanitization in the adrotate_insert_media() function. This flaw is present in all versions of the plugin up to and including 5.13.2. Authenticated attackers with administrator-level access and above are able to upload malicious files with double extensions to the server of the affected site. The exploitability of this vulnerability is dependent on specific configurations that might execute the first file extension present, potentially allowing for remote code execution. Administrators of WordPress sites using this plugin should take caution to update to secure versions and implement additional security measures.",Wordpress,Adrotate Banner Manager – The Only Ad Manager You'll Need,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-08-20T03:21:11.012Z,0
CVE-2022-26366,https://securityvulnerability.io/vulnerability/CVE-2022-26366,WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF),Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.,Wordpress,Adrotate Banner Manager (WordPress Plugin),5.4,MEDIUM,0.0010300000431016088,false,,false,false,false,,false,false,2022-11-30T12:25:53.661Z,0
CVE-2022-0662,https://securityvulnerability.io/vulnerability/CVE-2022-0662,Adrotate < 5.8.23 - Admin+ XSS via Advert Name,The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed,Wordpress,Adrotate – Ad Manager & Adsense Ads,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-02T16:05:40.000Z,0
CVE-2022-0649,https://securityvulnerability.io/vulnerability/CVE-2022-0649,Adrotate < 5.8.23 - Admin+ XSS via Group Name,"The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed",Wordpress,AdRotate – Ad manager & AdSense Ads,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-02T16:05:39.000Z,0
CVE-2022-0267,https://securityvulnerability.io/vulnerability/CVE-2022-0267,AdRotate < 5.8.22 - Admin+ SQL Injection,"The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection",Wordpress,Adrotate – Ad Manager & Adsense Ads,7.2,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2022-03-07T08:16:24.000Z,0
CVE-2021-24138,https://securityvulnerability.io/vulnerability/CVE-2021-24138,AdRotate < 5.8.4 - Authenticated SQL Injection,"Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param ""id"". This requires an admin privileged user.",Wordpress,Adrotate,5.5,MEDIUM,0.0023399998899549246,false,,false,false,false,,false,false,2021-03-18T14:57:49.000Z,0
CVE-2019-13570,https://securityvulnerability.io/vulnerability/CVE-2019-13570,,The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.,Wordpress,Adrotate,7.2,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2019-07-23T16:16:47.000Z,0
CVE-2014-1854,https://securityvulnerability.io/vulnerability/CVE-2014-1854,,SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.,Wordpress,Adrotate,,,0.003229999914765358,false,,false,false,false,,false,false,2014-02-27T15:00:00.000Z,0
CVE-2011-4671,https://securityvulnerability.io/vulnerability/CVE-2011-4671,,"SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).",Wordpress,Adrotate,,,0.0008699999889358878,false,,false,false,false,,false,false,2011-12-02T18:00:00.000Z,0