AdRotate Banner Manager <= 5.2 - Authenticated SQL Injection
Description
The vendor states:

"Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in AdRotate Free. Upon checking the code following their advisory I found a potential weak point in AdRotate Pro as well, though the proof of concept “hack” didn’t work on AdRotate Pro. A few small tweaks made sense to prevent a crafty scammer from even getting close.
A number of database queries have been updated to be more secure and more uniform (so the code looks prettier).
Without admin access your data is not at risk and there is no evidence that this vulnerability actually works or has been exploited anywhere."

Affects Plugin

AdRotate Banner Manager, fixed in version 5.3

References

CVE 2019-13570
URL https://plugins.trac.wordpress.org/changeset/2121787/adrotate
URL https://fortiguard.com/zeroday/FG-VD-19-092
URL https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
URL https://ajdg.solutions/2019/07/11/adrotate-pro-5-3-important-update-for-security-and-ads-txt/
URL https://ajdg.solutions/support/adrotate-development/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Tin Duong of Fortinet's FortiGuard Labs
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Verified No
WPVDB ID 9475

Timeline

Publicly Published 2019-07-11
Added 2019-07-25
Last Updated 2019-08-29
