3 vulnerabilities by adegans
CVE-2026-12242 (GCVE-0-2026-12242)
Vulnerability from cvelistv5 – Published: 2026-06-24 12:33 – Updated: 2026-06-24 13:05
Title
AdRotate Banner Manager <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via 'banner' Shortcode Attribute
Summary
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string wrapped in W3 Total Cache mfunc or Borlabs Cache fragment markers. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server. This vulnerability requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
References
11 references
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| adegans | AdRotate Banner Manager | Affected: 0, ≤ 5.17.7 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T13:01:30.997655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T13:05:32.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AdRotate Banner Manager",
"vendor": "adegans",
"versions": [
{
"lessThanOrEqual": "5.17.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osvaldo Noe Gonzalez Del Rio"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the \u0027banner\u0027 attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string wrapped in W3 Total Cache mfunc or Borlabs Cache fragment markers. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server. This vulnerability requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T12:33:29.448Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29b905c-57cf-4fb8-b6af-eb0c367cd3e4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-output.php#L265"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-output.php#L276"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.5/adrotate-output.php#L276"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-output.php#L288"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.5/adrotate-output.php#L288"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.5/adrotate-output.php#L265"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.4/adrotate-output.php#L276"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.4/adrotate-output.php#L288"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.4/adrotate-output.php#L265"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3582562/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AdRotate Banner Manager \u003c= 5.17.7 - Authenticated (Contributor+) PHP Code Injection via \u0027banner\u0027 Shortcode Attribute"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-12242",
"datePublished": "2026-06-24T12:33:29.448Z",
"dateReserved": "2026-06-15T06:21:42.514Z",
"dateUpdated": "2026-06-24T13:05:32.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1206 (GCVE-0-2022-1206)
Vulnerability from cvelistv5 – Published: 2024-08-20 03:21 – Updated: 2026-04-08 17:12
Title
AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload
Summary
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| adegans | AdRotate Banner Manager | Affected: 0, ≤ 5.13.2 (semver) |
| adrotate_banner_manager_project | adrotate_banner_manager | Affected: 0, ≤ 5.13.2 (semver); `cpe:2.3:a:adrotate_banner_manager_project:adrotate_banner_manager:*:*:*:*:*:wordpress:*:*` |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adrotate_banner_manager_project:adrotate_banner_manager:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "adrotate_banner_manager",
"vendor": "adrotate_banner_manager_project",
"versions": [
{
"lessThanOrEqual": "5.13.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T15:04:56.197710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T12:48:11.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AdRotate Banner Manager",
"vendor": "adegans",
"versions": [
{
"lessThanOrEqual": "5.13.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "J\u00f6rg Steinstr\u00e4ter"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AdRotate Banner Manager \u2013 The only ad manager you\u0027ll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site\u0027s server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:12:02.108Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-admin-manage.php#L418"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3138339/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-19T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AdRotate \u2013 Ad manager \u0026 AdSense Ads \u003c= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1206",
"datePublished": "2024-08-20T03:21:11.012Z",
"dateReserved": "2022-04-01T18:06:08.284Z",
"dateUpdated": "2026-04-08T17:12:02.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1206 (GCVE-0-2022-1206)
Vulnerability from nvd – Published: 2024-08-20 03:21 – Updated: 2026-04-08 17:12
Title
AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload
Summary
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| adegans | AdRotate Banner Manager | Affected: 0, ≤ 5.13.2 (semver) |
| adrotate_banner_manager_project | adrotate_banner_manager | Affected: 0, ≤ 5.13.2 (semver); `cpe:2.3:a:adrotate_banner_manager_project:adrotate_banner_manager:*:*:*:*:*:wordpress:*:*` |
Credits