SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/91253http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5http://www.securityfocus.com/archive/1/531176/100/0/threadedhttps://www.htbridge.com/advisory/HTB23201http://www.securityfocus.com/bid/65709http://www.exploit-db.com/exploits/31834http://secunia.com/advisories/57079
