AdRotate < 5.13.3 – Admin+ Double Extension Arbitrary File Upload | CVE 2022-1206 | Plugin Vulnerabilities

Description

The plugin is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.

Affects Plugins

Fixed in 5.13.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55

Miscellaneous

Original Researcher

Jorgson

Verified

No

WPVDB ID

a670dc87-ed79-493a-888d-afd7cb99269e

Timeline

Publicly Published

2024-08-19 (about 1 year ago)

Added

2024-08-19 (about 1 year ago)

Last Updated

2024-08-21 (about 1 year ago)

Other

Published

Title

Published

2025-10-15

Title

Blogmatic < 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload

Published

2026-01-23

Title

Hustle < 7.8.9.3 - Subscriber+ Arbitrary File Upload via Module Import

Published

2015-06-29

Title

N-Media File Uploader <= 3.7 - Unauthenticated Arbitrary File Upload

Published

2025-10-18

Title

RTMKit < 1.6.6 - Authenticated (Contributor+) Arbitrary File Upload

Published

2026-04-20

Title

Kids Online Store < 0.9.0 - Subscriber+ Arbitrary File Upload