Unrated severityNVD Advisory· Published Feb 27, 2014· Updated Jun 17, 2026
CVE-2014-1854
CVE-2014-1854
Description
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:adrotateplugin:adrotate:3.9.1:*:free:*:wordpress:*:*:*+ 10 more
- cpe:2.3:a:adrotateplugin:adrotate:3.9.1:*:free:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.1:*:pro:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.2:*:free:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.2:*:pro:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.3:*:free:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.3:*:pro:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.4:*:free:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.4:*:pro:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.5:*:pro:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.:*:free:*:wordpress:*:*:*
- cpe:2.3:a:adrotateplugin:adrotate:3.9.:*:pro:*:wordpress:*:*:*
3.9 - 3.9.5+ 1 more
- (no CPE)range: 3.9 - 3.9.5
- (no CPE)range: 3.9 - 3.9.4
Patches
Vulnerability mechanics
References
7- www.exploit-db.com/exploits/31834nvdExploit
- www.htbridge.com/advisory/HTB23201nvdExploit
- secunia.com/advisories/57079nvdVendor Advisory
- www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5nvdVendor Advisory
- www.securityfocus.com/archive/1/531176/100/0/threadednvd
- www.securityfocus.com/bid/65709nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/91253nvd
News mentions
0No linked articles in our index yet.