CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

EUVD-2026-34945

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

PT-2026-47138

Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.16 Description The plugin is subject to Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper validation, allowing...

CVE-2025-11745

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

EUVD-2019-6324

Malware in sbrugna...

EUVD-2019-6325

Malware in sbrugna...

CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php...

WordPress Ad Inserter Plugin <= 2.7.37 is vulnerable to Cross Site Scripting (XSS)

Software Ad Inserter Type Plugin Vulnerable versions = 2.7.37 Fixed in 2.7.38 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49248 Patch priority Medium CVSS severity Medium 7.1 Developer Igor Funa PSID d47d8c812c52 Credits Rafie Muhammad Patchstack Required...

WordPress Plugin Ad Inserter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUESTURI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

WordPress Ad Inserter plugin <= 2.7.11 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress Ad Inserter plugin versions = 2.7.11. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.12...

CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

WordPress Ad Inserter plugin <= 2.7.10 - Admin+ RCE / Stored XSS vulnerability

Admin+ RCE / Stored XSS vulnerability discovered by Viktor Markopoulos in WordPress Ad Inserter plugin versions = 2.7.10. Solution Update the WordPress Ad Inserter plugin to the latest available version at least 2.7.11...

VulnCheck KEV: CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php...

WordPress ad-inserter plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ad-inserter is an ad management plugin used in it. A cross-site request forgery vulnerability exists in WordPress ad-inserter plugin...

WordPress ad-inserter plugin path traversal vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ad-inserter is an ad management plugin that is used in this period. A path traversal vulnerability exists in the WordPress ad-inserter...

WordPress ad-inserter plugin input validation error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ad-inserter is an ad management plugin that is used in this period. WordPress ad-inserter plugin has an input validation error...