WordPress Security Advisory – Adrotate – SQL Injection

Application: WordPress Adrotate Plugin
Versions Affected: 3.6.5
Exploit: SQL Injection
Threat Level: Low
Fix: Update Plugin to 3.6.6
Credit: Miroslav Stamper
External Website: http://adrotateplugin.com/page/updates.php

What does it mean, do I have to do anything, if so what?

Adrotate is an ad manager for WordPress. A malicious user could inject SQL commands to insert data into the MySQL database, which could cause the system to fill up. The threat is fairly low, but it is always worth keeping up to date. Follow the instructions on the plugin website.

What happens if I leave it?

A malicious user can only insert data. There is therefore a possibility of the MySQL partition becoming full, which would in turn crash MySQL and possibly the server.
