CVEs (7)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sen...Show more |
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present |
1Ad Inserter Project 1Ad Inserter Jun 17, 2026 Apr 4, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not enc...Show more |
2Ad Inserter Pro Project Ad Inserter Project2Ad Inserter Ad Inserter ProJun 17, 2026 Feb 21, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected...Show more |
1Ad Inserter Project 1Ad Inserter Nov 21, 2024 Oct 22, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. |
1Ad Inserter Project 1Ad Inserter Jun 17, 2026 Aug 22, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. |
1Ad Inserter Project 1Ad Inserter Jun 17, 2026 Aug 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ad-inserter plugin before 2.4.20 for WordPress has path traversal. |