WordPress AdRotate Plugin 'clicktracker.php' SQL Injection Vulnerability

Summary
This host is installed with WordPress AdRotate Plugin and is prone to sql injection vulnerability.
Impact
Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Solution
Upgrade AdRotate Pro to version 3.9.6 or higher and AdRotate Free to version 3.9.5 or higher, For Updates refer to http://www.adrotateplugin.com
Insight
Flaw is due to the library/clicktracker.php script not properly sanitizing user-supplied input to the 'track' parameter.
Affected
Wordpress AdRotate Pro plugin version 3.9 through 3.9.5 and AdRotate Free plugin version 3.9 through 3.9.4
Detection
Send a crafted exploit string via HTTP GET request and check whether it is possible to execute sql query or not.
References