The vendor states: “Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in AdRotate Free. Upon checking the code following their advisory I found a potential weak point in AdRotate Pro as well. Though the proof of concept “hack” didn’t work on AdRotate Pro. A few small tweaks made sense to prevent a crafty scammer to even get close. A number of database queries have been updated to be more secure and more uniform (so the code looks prettier). Without admin access your data is not at risk and there is no evidence that this vulnerability actually works or has been exploited anywhere.”
ajdg.solutions/2019/07/11/adrotate-pro-5-3-important-update-for-security-and-ads-txt/
ajdg.solutions/support/adrotate-development/
fortiguard.com/zeroday/FG-VD-19-092
plugins.trac.wordpress.org/changeset/2121787/adrotate
www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html