Ad Inserter Project: >> Ad Inserter >> 1.3.4 Security Vulnerabilities
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.
CVSS Score
5.3
EPSS Score
0.006
Published
2023-10-20
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
CVSS Score
7.2
EPSS Score
0.153
Published
2023-05-15
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.035
Published
2022-02-21
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-10-22
The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-08-22
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
CVSS Score
8.8
EPSS Score
0.085
Published
2019-08-22