WordPress Security Advisory – Adrotate – SQL Injection

Posted on September 29, 2011 by Steve

Application : WordPress Adrotate Plugin
Versions Affected: 3.6.5
Exploit : SQL Injection
Threat Level: Low
Fix: Update Plugin to 3.6.6
Credit: Miroslav Stamper
External Website: http://adrotateplugin.com/page/updates.php

What does it mean, do I have to do anything, if so what?

Adrotate is an ad manager for WordPress.  A malicious user could inject SQL commands to insert data into the MySQL database which could cause the system to fill up.  The threat is fairly low but it is always worth keeping uptodate.  Follow the instructions on the plugin website.

What happens if I leave it?

A malicious user can only insert data, therefore there is a possibility of the MySQL partition becoming full which would in turn crash MySQL and possibly the server.

Post to Digg Digg This Post Post to Reddit Post to Reddit Post to StumbleUpon Stumble This Post Post to Technorati Post to Technorati

This entry was posted in Web Security. Bookmark the permalink.

Comments are closed.