23 matches found
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
EUVD-2019-6325
Malware in sbrugna...
EUVD-2019-6324
Malware in sbrugna...
CVE-2015-9497
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php...
WordPress Ad Inserter Plugin <= 2.7.37 is vulnerable to Cross Site Scripting (XSS)
Software Ad Inserter Type Plugin Vulnerable versions = 2.7.37 Fixed in 2.7.38 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49248 Patch priority Medium CVSS severity Medium 7.1 Developer Igor Funa PSID d47d8c812c52 Credits Rafie Muhammad Patchstack Required...
WordPress Plugin Ad Inserter Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
WordPress Ad Inserter plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Ad Inserter plugin versions = 2.7.11. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.12...
CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
WordPress Ad Inserter plugin <= 2.7.10 - Admin+ RCE / Stored XSS vulnerability
Admin+ RCE / Stored XSS vulnerability discovered by Viktor Markopoulos in WordPress Ad Inserter plugin versions = 2.7.10. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.11...
VulnCheck KEV: CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2015-9497
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php...
WordPress ad-inserter plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ad-inserter is an ad management plugin used in it. A cross-site request forgery vulnerability exists in WordPress ad-inserter plugin...
WordPress ad-inserter plugin path traversal vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ad-inserter is an ad management plugin that is used in this period. A path traversal vulnerability exists in the WordPress ad-inserter...
WordPress ad-inserter plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ad-inserter is an ad management plugin that is used in this period. WordPress ad-inserter plugin has an input validation error...
CVE-2019-15324
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution...
CVE-2019-15324
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution...
Remote code execution
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution...
PT-2019-14052 · WordPress · Ad Inserter
Name of the Vulnerable Software and Affected Versions: ad-inserter plugin versions prior to 2.4.20 Description: The issue allows for path traversal. Recommendations: For versions prior to 2.4.20, update to version 2.4.20 or later to resolve the issue...
WordPress Ad Inserter plugin <= 2.4.21 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution RCE vulnerability found by Sean Murphy WordFence in WordPress Ad Inserter plugin versions = 2.4.21. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.4.22...