12 Jul 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF)/SQL Injection in AdRotate

For the second day in a row a plugin has been updated to fix a SQL injection vulnerability in a less than ideal way. One of the changelog entries in the latest version of AdRotate is “[fix] Possible vulnerability for users with privileged access”. Looking at the changes made, it wasn’t at first clear what was going on.

