CVE-2022-0267

Summary

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection

Affected Software

VendorProductVersion RangeStatus
UnknownAdRotate – Ad manager & AdSense Ads5.8.22 < 5.8.22affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References