What is CVE-2026-12242?

CVE-2026-12242 is a high-severity vulnerability in Adegans Adrotate Banner Manager, classified under Code Injection. CVSS score: 8.8/10. Published 2026-06-24.

How severe is CVE-2026-12242?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Adegans Adrotate Banner Manager

CVE-2026-12242

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and saniti…

Vulnerability class: RCE (Remote Code Execution)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Adegans Adrotate Banner Manager — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com

Frequently asked questions

What is CVE-2026-12242?: CVE-2026-12242 is a high-severity vulnerability in Adegans Adrotate Banner Manager, classified under Code Injection. CVSS score: 8.8/10. Published 2026-06-24.
How severe is CVE-2026-12242?: High severity. CVSS v3 base score is 8.8 out of 10.