MidnightBSD

Advisories for adrotateplugin

CVE-2011-4671 HIGH

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
adrotateplugin adrotate 3.0.2
adrotateplugin adrotate 0.6
adrotateplugin adrotate 3.3
adrotateplugin adrotate 2.4.2
adrotateplugin adrotate 3.0
adrotateplugin adrotate 3.6
adrotateplugin adrotate 3.6.5
adrotateplugin adrotate 0.2
adrotateplugin adrotate 0.4
adrotateplugin adrotate 2.4
adrotateplugin adrotate 3.2.2
adrotateplugin adrotate 3.1
adrotateplugin adrotate 3.6.2
adrotateplugin adrotate 3.4
adrotateplugin adrotate 3.6.1
adrotateplugin adrotate 3.0.1
adrotateplugin adrotate 0.1
adrotateplugin adrotate 3.5
adrotateplugin adrotate 2.5
adrotateplugin adrotate 2.5.1
adrotateplugin adrotate 3.6.4
adrotateplugin adrotate 0.3
adrotateplugin adrotate 3.3.1
adrotateplugin adrotate 2.2
adrotateplugin adrotate 2.3.1
adrotateplugin adrotate 2.4.4
adrotateplugin adrotate 3.6.3
adrotateplugin adrotate 0.8
adrotateplugin adrotate 2.6.1
adrotateplugin adrotate 3.2.1
adrotateplugin adrotate 2.6
adrotateplugin adrotate 0.5
adrotateplugin adrotate 2.3
adrotateplugin adrotate *
adrotateplugin adrotate 2.4.3
adrotateplugin adrotate 2.0
adrotateplugin adrotate 0.7
adrotateplugin adrotate 1.0
adrotateplugin adrotate 2.4.1
adrotateplugin adrotate 3.0.3
adrotateplugin adrotate 0.7.1
adrotateplugin adrotate 2.1
adrotateplugin adrotate 3.2
adrotateplugin adrotate 2.0.1
adrotateplugin adrotate 3.1.1
adrotateplugin adrotate 3.6.6
adrotateplugin adrotate 3.5.1
CVE-2014-1854 HIGH

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
adrotateplugin adrotate 3.9.4
adrotateplugin adrotate 3.9.3
adrotateplugin adrotate 3.9.
adrotateplugin adrotate 3.9.2
adrotateplugin adrotate 3.9.1
adrotateplugin adrotate 3.9.5