01642 06 11 11 Arrange Call

Authenticated SQL Injection in AdRotate WordPress Plugin (Versions < 5.8.4) via id Parameter

CVE-2021-24138 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

CVE-2021-24138

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.

Learn more about our Wordpress Pen Testing.