WordPress Plugin Vulnerabilities

AdRotate < 5.8.22 - Admin+ SQL Injection

Description

The plugin does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection

Proof of Concept

Affects Plugins

Plugin icon
adrotate
Fixed in 5.8.22

References

CVE
CVE-2022-0267

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
ZhongFu Su(JrXnm) of Wuhan University
Submitter
ZhongFu Su(JrXnm) of Wuhan University
Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified
Yes
WPVDB ID
7df70f49-547f-4bdb-bf9b-2e06f93488c6

Timeline

Publicly Published
2022-02-07 (about 3 years ago)
Added
2022-02-07 (about 3 years ago)
Last Updated
2022-09-26 (about 3 years ago)

Other

Published
Title
Published
2022-04-13
Title
Product Filter For WooCommerce Product <= 1.3.0 - Unauthenticated SQLi
Published
2024-09-11
Title
LearnPress – WordPress LMS Plugin < 4.2.7.1 - Unauthenticated SQL Injection via 'c_only_fields'
Published
2022-12-02
Title
Plugin Logic < 1.0.8 - Admin+ SQLi
Published
2025-01-15
Title
Taskbuilder < 3.0.7 - Authenticated (Subscriber+) SQL Injection
Published
2025-06-05
Title
WP Text Expander <= 1.0.1 - Authenticated (Administrator+) SQL Injection