Posted on Leave a comment

AdRotate Free 5.3 – Security Update

A small update with some edits and tweaks for the dashboard and a fix for a potential security flaw. This has been fixed to minimise any risk. So please update as soon as possible.
Updating is easy and effortless, it only takes a few minutes.

Help Translate

If you’re fluent in English and another language, please consider helping with translating AdRotate to that language.
Recently AdRotate Free improved its compatibility with WordPress translation system greatly so people can easily contribute some words or lines to a language they know very well. Adding a few lines or words takes only a few minutes. But adding a full translation is of-course even more awesome.
Check out the translation system here: translate.wordpress.org/projects/wp-plugins/adrotate/. Also if you set your website to a language other than US English, a banner may appear in your AdRotate dashboard asking you to translate a few words.

Security Patch

Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in the Free version of AdRotate. After checking the code and following their advisory I confirmed a potential flaw, even though their proof of concept hack didn’t exactly work. A few small tweaks were made to reduce any risk further.
A number of database queries have been updated to be more secure and more uniform (so the code looks nicer). Without admin access your data is not at risk and there is currently no evidence that this vulnerability has been exploited anywhere.

Changes for AdRotate Free 5.3

  • [fix] Possible vulnerability for users with privileged access
  • [change] Dashboard tweaks
Leave a Reply

Your email address will not be published. Required fields are marked *

Leave the field below empty!