"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5
Critical: 0
High: 2
Medium: 3
Showing 1-5 of 5 records
Threat Entry Updated 2026-06-25

CVE-2026-12242 - Adrotate Plugin

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string wrapped in W3 Total Cache mfunc or Borlabs Cache fragment markers. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server. This vulnerability requires W3 Total Cache or Borlabs Cache…

PLUGIN Adrotate

CVE-2026-12242

HIGH CVSS 8.8 2026-06-24
Threat Entry Updated 2024-11-21

CVE-2022-0662 - Adrotate Plugin

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Adrotate

CVE-2022-0662

MEDIUM CVSS 4.8 2022-05-02
Threat Entry Updated 2024-11-21

CVE-2022-0649 - Adrotate Plugin

The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Adrotate

CVE-2022-0649

MEDIUM CVSS 4.8 2022-05-02
Threat Entry Updated 2024-11-21

CVE-2022-0267 - Adrotate Plugin

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection.

PLUGIN Adrotate

CVE-2022-0267

HIGH CVSS 7.2 2022-03-07
Threat Entry Updated 2024-11-21

CVE-2021-24138 - Adrotate Plugin

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user.

PLUGIN Adrotate

CVE-2021-24138

MEDIUM CVSS 5.5 2021-03-18