AdRotate < 5.8.4 - Authenticated SQL Injection
CVE-2021-24138
5.5 MEDIUM
Summary
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to authenticated SQL injection via the "id" parameter. Exploitation requires a user with admin privileges.
Affected Version(s)
AdRotate < 5.8.4
References
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)