SQL Injection Vulnerability in AdRotate Pro and Free Plugins for WordPress
CVE-2014-1854
Currently unrated
Summary
A SQL injection vulnerability exists in the AdRotate plugins for WordPress, allowing remote attackers to execute arbitrary SQL commands through the 'track' parameter in library/clicktracker.php. This flaw affects both AdRotate Pro and AdRotate Free versions from 3.9 to 3.9.5, potentially compromising the integrity and confidentiality of the database.
EPSS Score
15% chance of being exploited in the next 30 days.