Authenticated SQL Injection in AdRotate WordPress Plugin (Versions < 5.8.4) via id Parameter

Authenticated SQL Injection in AdRotate WordPress Plugin (Versions < 5.8.4) via id Parameter

CVE-2021-24138 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.

Learn more about our Wordpress Pen Testing.