Lucene search
K

153 matches found

Nuclei
Nuclei
added 11 hours ago40 views

WordPress Ad Inserter <2.7.10 - Cross-Site Scripting

WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...

6.1CVSS6.3AI score0.02389EPSS
Exploits2References4
NVD
NVD
added 6 days ago8 views

CVE-2026-11900

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS0.00273EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-11900

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS6AI score0.00273EPSS
Exploits0References11
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-11900 Ad Inserter <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure via 'data' Shortcode Attribute

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS0.00273EPSS
Exploits0References10
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41520

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS6AI score0.00273EPSS
Exploits0References10
Patchstack
Patchstack
added last week4 views

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Post Content Disclosure vulnerability discovered by nightward in WordPress Plugin Ad Inserter versions = 2.8.16...

4.3CVSS5.9AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/09 9:50 a.m.14 views

WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.15 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by darkmode in WordPress Plugin Ad Inserter versions = 2.8.15...

6.1CVSS5.4AI score0.00225EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.16 views

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/06/06 2:28 a.m.26 views

CVE-2026-9280

CVE-2026-9280 affects the Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress. The issue is a Reflected Cross‑Site Scripting (XSS) vulnerability in URL parameters when iframe mode is enabled (AI_OPTION_IFRAME) on at least one ad block. It impacts all versions up to and including 2.8.15, s...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.9 views

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.11 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.44 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00225EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 2:28 a.m.15 views

EUVD-2026-34945

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.22 views

PT-2026-47138

Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.16 Description The plugin is subject to Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper validation, allowing...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

WordPress plugin Ad Inserter – Ad Manager & AdSense Ads 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.4AI score0.00225EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/11/06 12:6 p.m.17 views

CVE-2025-11745

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/05 11:24 a.m.2 views

CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/05 11:24 a.m.8 views

CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/11/05 11:24 a.m.19 views

CVE-2025-11745

CVE-2025-11745 affects the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads (versions up to and including 2.8.7). The vulnerability is a Stored Cross‑Site Scripting flaw in which user‑supplied attributes in the adinserter shortcode are insufficiently sanitized/escaped, allowing authenticat...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/05 1:36 a.m.7 views

WordPress Ad Inserter plugin <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ad Inserter versions = 2.8.7...

6.4CVSS5.6AI score0.00211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder