Lucene search
+L

214 matches found

OSV
OSV
added 2023/05/15 1:15 p.m.4 views

CVE-2023-1549

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS7.2AI score0.16903EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/05/15 12:15 p.m.21 views

CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2AI score0.16903EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/15 12:15 p.m.17 views

CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.1AI score0.16903EPSS
Exploits2References1
CVE
CVE
added 2023/05/15 12:15 p.m.61 views

CVE-2023-1549

The CVE-2023-1549 issue affects the Ad Inserter WordPress plugin prior to version 2.7.27. It involves unserializing user input from the plugin settings, which could enable PHP Object Injection when a suitable gadget is present, potentially allowing high-privilege users (e.g., admins) to leverage ...

7.2CVSS7.2AI score0.16903EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/15 12:0 a.m.7 views

PT-2023-17068 · WordPress · Ad Inserter

Name of the Vulnerable Software and Affected Versions: Ad Inserter WordPress plugin versions prior to 2.7.27 Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input...

7.2CVSS9.6AI score0.16903EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.6 views

WordPress plugin Ad Inserter 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

7.2CVSS7.8AI score0.16903EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/27 12:0 a.m.16 views

WordPress Ad Inserter Plugin < 2.7.27 is vulnerable to PHP Object Injection

Software Ad Inserter Type Plugin Vulnerable versions 2.7.27 Fixed in 2.7.27 OWASP Top 10 A8: Insecure Deserialization Classification PHP Object Injection CVE CVE-2023-1549 Patch priority Low CVSS severity Low 4.4 Developer Igor Funa PSID 3b84de757ee4 Credits Nguyen Huu Do Required privilege...

7.2CVSS6.9AI score0.16903EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/04/19 12:0 a.m.165 views

Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitra...

7.2CVSS9.5AI score0.16903EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.26 views

Oturia Smart Google Code Inserter Plugin for WordPress < 3.5 Multiple Vulnerabilities

The WordPress Oturia Smart Google Code Inserter Plugin installed on the remote host is affected by multiple vulnerabilities :\n\n - An Authentication Bypass which allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter.\n - An SQL Injection...

9.8CVSS8.9AI score0.91477EPSS
Exploits6References3
CNVD
CNVD
added 2022/04/07 12:0 a.m.17 views

WordPress Ad Inserter Free and Pro plugin跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Ad Inserter Free and Pro plugin has a cross-site scripting vulnerability that stems from the fact that before the request U...

6.1CVSS0.9AI score0.03541EPSS
Exploits4References1
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.430 views

WordPress Ad Inserter Cross Site Scripting

Tittle: WordPress Plugin Ad Inserter Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba...

6.3AI score0.03541EPSS
Exploits4
NVD
NVD
added 2022/04/04 4:15 p.m.47 views

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

6.1CVSS0.03541EPSS
Exploits4References2
OSV
OSV
added 2022/04/04 4:15 p.m.6 views

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

6.1CVSS6.4AI score0.03541EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.8 views

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

6.1CVSS6.3AI score0.03541EPSS
Exploits4References3
Prion
Prion
added 2022/04/04 4:15 p.m.17 views

Cross site scripting

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

4.3CVSS6AI score0.03541EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2022/04/04 3:35 p.m.89 views

CVE-2022-0901

The CVE-2022-0901 entry concerns the WordPress Ad Inserter Free and Pro plugins prior to version 2.7.12, where the REQUEST_URI is not sanitized/escaped before being output on an admin page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. The issue affects Ad Inserter and Ad Inserte...

6.1CVSS6AI score0.03541EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2022/04/04 3:35 p.m.46 views

CVE-2022-0901 Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

6.2AI score0.03541EPSS
Exploits4References2
CNNVD
CNNVD
added 2022/04/04 12:0 a.m.8 views

WordPress plugins Ad Inserter Free and Pro 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Ad Inserter Free and Pro plugin has a cross-site scripting vulnerability that stems from the fact that before the request U...

6.1CVSS5.3AI score0.03541EPSS
Exploits4References4
Patchstack
Patchstack
added 2022/03/14 12:0 a.m.27 views

WordPress Ad Inserter plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Ad Inserter plugin versions = 2.7.11. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.12...

6.1CVSS2.2AI score0.03541EPSS
Exploits4References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.21 views

Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

The plugins do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters PoC In a browser which does not encode characters:...

6.1CVSS0.9AI score0.03541EPSS
Exploits4Affected Software2
Rows per page
Query Builder