CVE-2021-24138 — CVSS 5.5 (medium): Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This…
CVE-2022-0649 — CVSS 4.8 (medium): The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site…
CVE-2022-0662 — CVSS 4.8 (medium): The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform…