CVE-2021-24138

MEDIUM

AdRotate < 5.8.4 - Authenticated SQL Injection via 'id' Parameter

Title source: llm
STIX 2.1

Description

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/aafac655-3616-4b27-9d0f-1cbc2faf0151

Scores

CVSS v3 5.5
EPSS 0.0123
EPSS Percentile 65.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Details

CWE
CWE-89
Status published
Products (1)
ajdg/adrotate < 5.8.4
Published Mar 18, 2021
Tracked Since Feb 18, 2026