Vulnerabilities and security research for adrotate
AdRotate Banner Manager – The only ad manager you'll need # CVE-2014-1854
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Feb 27, 2014
- Research Description
- SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
- Affected versions
- Min 3.9, max 3.9.4.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2022-0649
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- May 02, 2022
- Research Description
- The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- Affected versions
- max 5.8.23.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2022-0662
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- May 02, 2022
- Research Description
- The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- Affected versions
- max 5.8.23.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2022-26366
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Nov 30, 2022
- Research Description
- Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.
- Affected versions
- max 5.9.1.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2022-0267
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Mar 07, 2022
- Research Description
- The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection
- Affected versions
- max 5.8.23.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2021-24138
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Mar 18, 2021
- Research Description
- Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
- Affected versions
- max 5.8.4.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2019-13570
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Jul 23, 2019
- Research Description
- The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
- Affected versions
- max 5.3.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2011-4671
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Dec 03, 2011
- Research Description
- SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
- Affected versions
- max 3.6.8.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2022-1206
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Aug 20, 2024
- Research Description
- The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
- Affected versions
- max 5.13.3.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # fcfca9301358c86b4021b9328e08486217edb082
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Jun 03, 2020
- Research Description
- AdRotate Banner Manager [adrotate] < 5.8.4: WordPress AdRotate plugin <= 5.8.3 - Authenticated SQL Injection (SQLi) vulnerability. Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Anh Tien in WordPress AdRotate plugin (versions <= 5.8.3).
- Affected versions
- max 5.8.4.
- Status
- vulnerable
AdRotate Banner Manager – The only ad manager you'll need # CVE-2026-12242
- CVE, Research URL
- Home page URL
- Security reports for AdRotate Banner Manager – The only ad manager you'll need
- Date
- Jun 24, 2026
- Research Description
- The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string wrapped in W3 Total Cache mfunc or Borlabs Cache fragment markers. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server. This vulnerability requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings.
- Affected versions
- max 5.17.8.
- Status
- vulnerable