WordPress · Adrotate · CVE-2011-4671
**Name of the Vulnerable Software and Affected Versions**
AdRotate plugin versions 3.6.6 through 3.6.7
**Description**
The issue allows remote attackers to execute arbitrary SQL commands via the `track` parameter, also known as the redirect URL, in the adrotate/adrotate-out.php file.
**Recommendations**
For AdRotate plugin versions 3.6.6 through 3.6.7, update to version 3.6.8 or later to resolve the issue.