154 matches found
WordPress Ad Inserter <2.7.10 - Cross-Site Scripting
WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...
CVE-2026-11900
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...
CVE-2026-11900
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...
CVE-2026-11900 Ad Inserter <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure via 'data' Shortcode Attribute
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...
EUVD-2026-41520
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...
PT-2026-55514
Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.17 Description An Insecure Direct Object Reference exists via the data attribute of the adinserter shortcode. The replace ai tags function processes a reusable-block-N tag pattern th...
WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Post Content Disclosure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Post Content Disclosure vulnerability discovered by nightward in WordPress Plugin Ad Inserter versions = 2.8.16...
WordPress Ad Inserter – Ad Manager & AdSense Ads plugin <= 2.8.15 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by darkmode in WordPress Plugin Ad Inserter versions = 2.8.15...
CVE-2026-9280
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-9280
CVE-2026-9280 affects the Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress. The issue is a Reflected Cross‑Site Scripting (XSS) vulnerability in URL parameters when iframe mode is enabled (AI_OPTION_IFRAME) on at least one ad block. It impacts all versions up to and including 2.8.15, s...
CVE-2026-9280
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
EUVD-2026-34945
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
PT-2026-47138
Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.16 Description The plugin is subject to Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper validation, allowing...
WordPress plugin Ad Inserter – Ad Manager & AdSense Ads 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745
CVE-2025-11745 affects the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads (versions up to and including 2.8.7). The vulnerability is a Stored Cross‑Site Scripting flaw in which user‑supplied attributes in the adinserter shortcode are insufficiently sanitized/escaped, allowing authenticat...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...