CVE-2023-4668
- EPSS 0.64%
- Published 20.10.2023 08:15:12
- Last modified 21.11.2024 08:35:38
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installe...
CVE-2023-1549
- EPSS 17.68%
- Published 15.05.2023 13:15:10
- Last modified 24.01.2025 21:15:09
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
CVE-2022-0901
- EPSS 0.21%
- Published 04.04.2022 16:15:10
- Last modified 21.11.2024 06:39:37
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
CVE-2022-0288
- EPSS 3.04%
- Published 21.02.2022 11:15:09
- Last modified 21.11.2024 06:38:18
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVE-2015-9497
- EPSS 0.41%
- Published 22.10.2019 21:15:10
- Last modified 21.11.2024 02:40:46
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
CVE-2019-15323
- EPSS 0.73%
- Published 22.08.2019 14:15:13
- Last modified 21.11.2024 04:28:27
The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
CVE-2019-15324
- EPSS 8.45%
- Published 22.08.2019 14:15:13
- Last modified 21.11.2024 04:28:27
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.