Vulnerability Details CVE-2022-0901
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/166626/WordPress-Ad-Inserter-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba
- http://packetstormsecurity.com/files/166626/WordPress-Ad-Inserter-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba
Products affected by CVE-2022-0901
-
cpe:2.3:a:ad_inserter_project:ad_inserter:*
-
cpe:2.3:a:ad_inserter_project:ad_inserter:-
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.0
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.1
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.10
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.11
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.12
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.13
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.14
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.15
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.16
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.17
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.18
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.19
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.2
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.20
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.21
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.22
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.23
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.24
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.25
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.26
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.27
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.3
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.4
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.5
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.6
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.7
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.8
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.6.9
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.0
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.1
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.10
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.11
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.2
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.3
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.4
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.5
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.6
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.7
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.8
-
cpe:2.3:a:ad_inserter_project:ad_inserter:2.7.9