WordPress Plugin Vulnerabilities
AdRotate Banner Manager <= 5.2 - Authenticated SQL Injection
Description
The vendor states:
"Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in AdRotate Free. Upon checking the code following their advisory I found a potential weak point in AdRotate Pro as well. Though the proof of concept "hack" didn’t work on AdRotate Pro. A few small tweaks made sense to prevent a crafty scammer to even get close.
A number of database queries have been updated to be more secure and more uniform (so the code looks prettier).
Without admin access your data is not at risk and there is no evidence that this vulnerability actually works or has been exploited anywhere."
Affects Plugins
Fixed in 5.3 References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Tin Duong of Fortinet's FortiGuard Labs
Submitter
Ryan Dewhurst
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2019-07-11 (about 6 years ago)
Added
2019-07-25 (about 6 years ago)
Last Updated
2021-01-19 (about 5 years ago)
WPScan 