AdRotate Banner Manager 5.13.3 is a small update where the way filenames are checked is switched over from a function I made myself to a WordPress function. This helps enhance security and covers a wider range of ‘wrong’ file names that can be fixed.
Security report from Wordfence
On August 19 2024 Wordfence issued a security notice about an upload vulnerability in AdRotate Banner Manager affecting a specific subset of servers. Not high risk and severe as they classified it. I believe this report to be only half true. True in that yes at some point the issue existed, and false because I believe I fixed it 2+ years ago and they never bothered to verify the update.
As far as I know the issue has been resolved in AdRotate Banner Manager version 5.8.23. However, the changes in today’s update supplement the fix from 2 years ago. Better filename checking is always better.
Why they choose to ruin everyone’s day now, 2 years later, is a mystery to me.
Changes in version 5.13.3
- [change] Use WordPress native function renaming files when uploading files
- [change] Use WordPress native function naming folders when creating folders
- [change] Creating folders checks if folder already exists
- [change] Uploading a file checks if file already exists
- [fix] Missing confirm notice when creating a folder
Download
Grab your update today, available through automatic updates in your dashboard, via direct download through my website and Github. If you do not have AdRotate Banner Manager or AdRotate Professional yet, get your copy today through the product pages below.
