AdRotate Pro 5.3 – Important update for security and ads.txt!

This is an important update for security, but also adds the long overdue support for ads.txt. A number of smaller bugfixes for Geo Targeting, Multisite networks and some improvements to the dashboard are included as well. Update as soon as possible to get these fixes and ads.txt support.
A couple of days ago a potential vulnerability was discovered for users with privileged access to your dashboard. Emphasis on potential.

ads.txt support

AdRotate Pro can now see, read and edit your ads.txt file if you have one. You can do so from a new dashboard under Manage Adverts. If you have adverts that can use ads.txt and you have rules you can use for them you can now easily add them from your AdRotate Pro dashboard. This is an AdRotate Pro only feature.

Advertising networks increasingly want you to use ads.txt, a standard developed by the IAB, to make sure your adverts and campaigns are legitimate. Ads.txt provides that security. Networks like, DFP, DoubleClick and Google AdSense (among many others) can ask you to add their authorization to your ads.txt.

The use is usually optional, but it can also work as a assurance for advertisers. Which may convince them to advertise on your site, increasing your revenue.

Security information

Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in AdRotate Free. Upon checking the code following their advisory I found a potential weak point in AdRotate Pro as well. Though the proof of concept “hack” didn’t work on AdRotate Pro. A few small tweaks made sense to prevent a crafty scammer to even get close.
A number of database queries have been updated to be more secure and more uniform (so the code looks prettier).
Without admin access your data is not at risk and there is no evidence that this vulnerability actually works or has been exploited anywhere.

Changes for AdRotate Pro 5.3

  • [new] Support to edit ads.txt
  • [fix] State and Statecode not converted to lowercase for ipstack
  • [fix] Missing $wpdb value for multisite groups
  • [fix] Geo Targeting dashboard layout
  • [fix] Possible vulnerability for users with privileged access
  • [change] Dashboard tweaks