SQL Injection Vulnerability in AdRotate Pro and Free Plugins for WordPress
CVE-2014-1854

Currently unrated

Key Information:

Vendor

Wordpress
Status
Adrotate
Vendor
CVE Published:
27 February 2014

What is CVE-2014-1854?

A SQL injection vulnerability exists in the AdRotate plugins for WordPress, allowing remote attackers to execute arbitrary SQL commands through the 'track' parameter in library/clicktracker.php. This flaw affects both AdRotate Pro and AdRotate Free versions from 3.9 to 3.9.5, potentially compromising the integrity and confidentiality of the database.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/91253
vdb-entryx_refsource_XF
http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-...
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/531176/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.