cbcvebase.

Ad Inserter Project Ad Inserter vulnerabilities

7 known vulnerabilities affecting ad_inserter_project/ad_inserter.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH5MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-0288P1MEDIUMCVSS 6.1ExploitedPoCfixed in 2.7.102022-02-21
CVE-2022-0288 [MEDIUM] CWE-79 CVE-2022-0288: The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do no The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
nvd
CVE-2019-15324P3HIGHCVSS 8.8fixed in 2.4.222019-08-22
CVE-2019-15324 [HIGH] CWE-20 CVE-2019-15324: The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
nvd
CVE-2023-1549P3HIGHCVSS 7.2fixed in 2.7.272023-05-15
CVE-2023-1549 [HIGH] CWE-502 CVE-2023-1549: The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, wh The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
nvd
CVE-2023-4668P3HIGHCVSS 7.5fixed in 2.7.312023-10-20
CVE-2023-4668 [HIGH] CWE-862 CVE-2023-4668: The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some
nvd
CVE-2019-15323P3HIGHCVSS 7.5fixed in 2.4.202019-08-22
CVE-2019-15323 [HIGH] CWE-22 CVE-2019-15323: The ad-inserter plugin before 2.4.20 for WordPress has path traversal. The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
nvd
CVE-2015-9497P4HIGHCVSS 8.8fixed in 1.5.32019-10-22
CVE-2015-9497 [HIGH] CWE-352 CVE-2015-9497: The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-g The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
nvd
CVE-2022-0901P4MEDIUMCVSS 6.1fixed in 2.7.122022-04-04
CVE-2022-0901 [MEDIUM] CWE-79 CVE-2022-0901: The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_ The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
nvd
Ad Inserter Project Ad Inserter vulnerabilities | cvebase