GCVE - cpe:2.3:a:adrotateplugin:adrotate:3.9.4:*:pro:*:wordpress:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:adrotateplugin:adrotate:3.9.4:*:pro:*:wordpress:*:*:*

part: a version: 3.9.4 update: *

Vendor	Adrotateplugin (`fa70c458-f803-5db6-872e-c5a708aacb33`)
Product	Adrotate (`473e78cd-a2fa-5658-bf68-d9e264a9e088`)
Edition	pro
Language	*
Software edition	wordpress
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/adegans/adrotate`	purl2cpe	2026-06-01 10:16:39.125913

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-1854`	vulnerable	2026-06-03 14:33:48.661116	Details available SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. Published: 2014-02-27T15:00:00.000Z Updated: 2024-08-06T09:58:15.640Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/91253 http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5 http://www.securityfocus.com/archive/1/531176/100/0/threaded https://www.htbridge.com/advisory/HTB23201 http://www.securityfocus.com/bid/65709	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.