Ajdg: >> Adrotate >> 4.0 Security Vulnerabilities
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-05-02
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-05-02
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
CVSS Score
5.5
EPSS Score
0.008
Published
2021-03-18
The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
CVSS Score
7.2
EPSS Score
0.008
Published
2019-07-23