Lucene search

Ad Inserter Security Vulnerabilities

cve

CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.

8.8CVSS

8.3AI Score

0.004EPSS

2019-10-22 09:15 PM

103

cve

CVE-2019-15323

The ad-inserter plugin before 2.4.20 for WordPress has path traversal.

7.5CVSS

7.6AI Score

0.002EPSS

2019-08-22 02:15 PM

cve

CVE-2019-15324

The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.

8.8CVSS

9.1AI Score

0.008EPSS

2019-08-22 02:15 PM

cve

CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

6.1CVSS

6AI Score

0.001EPSS

2022-02-21 11:15 AM

cve

CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters

6.1CVSS

5.9AI Score

0.001EPSS

2022-04-04 04:15 PM

cve

CVE-2023-1549

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

7.2CVSS

7.2AI Score

0.001EPSS

2023-05-15 01:15 PM

cve

CVE-2023-4668

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, var...

7.5CVSS

7.1AI Score

0.001EPSS

2023-10-20 08:15 AM