SQL Injection Vulnerability in AdRotate Plugin for WordPress
CVE-2011-4671
Currently unrated
Summary
The AdRotate plugin for WordPress is vulnerable to SQL injection because it does not properly validate request parameters. An attacker can exploit the flaw through the 'track' parameter of adrotate/adrotate-out.php to execute arbitrary SQL commands against the database. The vulnerability affects versions up to 3.6.7 and poses significant security risks, including data exposure and unauthorized access to sensitive information. Site administrators running an affected version should upgrade to at least version 3.6.8.