214 matches found
CVE-2023-1549
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1549
The CVE-2023-1549 issue affects the Ad Inserter WordPress plugin prior to version 2.7.27. It involves unserializing user input from the plugin settings, which could enable PHP Object Injection when a suitable gadget is present, potentially allowing high-privilege users (e.g., admins) to leverage ...
PT-2023-17068 · WordPress · Ad Inserter
Name of the Vulnerable Software and Affected Versions: Ad Inserter WordPress plugin versions prior to 2.7.27 Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input...
WordPress plugin Ad Inserter 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
WordPress Ad Inserter Plugin < 2.7.27 is vulnerable to PHP Object Injection
Software Ad Inserter Type Plugin Vulnerable versions 2.7.27 Fixed in 2.7.27 OWASP Top 10 A8: Insecure Deserialization Classification PHP Object Injection CVE CVE-2023-1549 Patch priority Low CVSS severity Low 4.4 Developer Igor Funa PSID 3b84de757ee4 Credits Nguyen Huu Do Required privilege...
Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitra...
Oturia Smart Google Code Inserter Plugin for WordPress < 3.5 Multiple Vulnerabilities
The WordPress Oturia Smart Google Code Inserter Plugin installed on the remote host is affected by multiple vulnerabilities :\n\n - An Authentication Bypass which allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter.\n - An SQL Injection...
WordPress Ad Inserter Free and Pro plugin跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Ad Inserter Free and Pro plugin has a cross-site scripting vulnerability that stems from the fact that before the request U...
WordPress Ad Inserter Cross Site Scripting
Tittle: WordPress Plugin Ad Inserter Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba...
CVE-2022-0901
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
CVE-2022-0901
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
CVE-2022-0901
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
Cross site scripting
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
CVE-2022-0901
The CVE-2022-0901 entry concerns the WordPress Ad Inserter Free and Pro plugins prior to version 2.7.12, where the REQUEST_URI is not sanitized/escaped before being output on an admin page, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. The issue affects Ad Inserter and Ad Inserte...
CVE-2022-0901 Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
WordPress plugins Ad Inserter Free and Pro 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Ad Inserter Free and Pro plugin has a cross-site scripting vulnerability that stems from the fact that before the request U...
WordPress Ad Inserter plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Ad Inserter plugin versions = 2.7.11. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.12...
Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting
The plugins do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters PoC In a browser which does not encode characters:...