cbcvebase.
CVE-2022-0288
published 2022-02-21

CVE-2022-0288: The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter…

PriorityP180medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
2.39%
81.9th percentile
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Affected

7 ranges
VendorProductVersion rangeFixed in
ad_inserter_pro_projectad_inserter_pro< 2.7.102.7.10
ad_inserter_projectad_inserter< 2.7.102.7.10
vimvim>= 0 < 2:8.0.1453-1ubuntu1.112:8.0.1453-1ubuntu1.11
vimvim>= 0 < 2:8.1.2269-1ubuntu5.122:8.1.2269-1ubuntu5.12
vimvim>= 0 < 2:8.2.3995-1ubuntu2.42:8.2.3995-1ubuntu2.4
vimvim>= 0 < 2:7.4.052-1ubuntu3.1+esm72:7.4.052-1ubuntu3.1+esm7
vimvim>= 0 < 2:7.4.1689-3ubuntu1.5+esm172:7.4.1689-3ubuntu1.5+esm17

Detection & IOCsextracted from sources · hover to see the quote

otherhtml_element_selection
otherad-inserter
  • Request uses Content-Type application/x-www-form-urlencoded; monitor POST requests to WordPress Ad Inserter plugin endpoints for unsanitised html_element_selection parameter
  • HTTP 200 response with text/html content type containing both the XSS payload and 'ad-inserter' indicates successful reflection
  • ·Vulnerability affects Ad Inserter and Ad Inserter Pro WordPress plugins strictly before version 2.7.10; versions 2.7.10 and above are patched

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv7.8HIGH
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.