Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2023-4668

Disclosure Date: October 20, 2023 (last updated October 28, 2023)
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-1549

Disclosure Date: May 15, 2023 (last updated October 08, 2023)
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0901

Disclosure Date: April 04, 2022 (last updated October 07, 2023)
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0288

Disclosure Date: February 21, 2022 (last updated October 07, 2023)
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-9497

Disclosure Date: October 22, 2019 (last updated November 27, 2024)
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-15324

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
0
0
Attacker Value
Unknown

CVE-2019-15323

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0