Authenticated SQL Injection in AdRotate WordPress Plugin (Versions < 5.8.4) via id Parameter
CVE-2021-24138 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.
Learn more about our Wordpress Pen Testing.