Ad Inserter
Approved changes feed: RSS · Atom
cpe:2.3:a:ad_inserter_project:ad_inserter:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Ad Inserter Project (7fa1deb8-b160-5f01-8795-9c595f51f51f) |
|---|---|
| Product | Ad Inserter (f68a4db0-97d8-5dfb-8a39-cf698f112edd) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/ad-inserter |
purl2cpe | 2026-06-01 10:12:18.906576 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-4668 |
vulnerable | 2026-06-03 14:53:29.272906 |
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe
MEDIUM (5.3)
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.
Published: 2023-10-20T07:29:32.176Z
Updated: 2026-04-08T17:24:23.412Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1549 |
vulnerable | 2026-06-03 14:48:55.727000 |
Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Published: 2023-05-15T12:15:30.894Z
Updated: 2025-01-24T20:20:10.676Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0288 |
vulnerable | 2026-06-03 14:45:55.849147 |
Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Published: 2022-02-21T10:46:13.000Z
Updated: 2024-08-02T23:25:39.962Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-15324 |
vulnerable | 2026-06-03 14:39:47.547765 |
Details available
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
Published: 2019-08-22T13:37:47.000Z
Updated: 2024-08-05T00:42:03.782Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-15323 |
vulnerable | 2026-06-03 14:39:47.547382 |
Details available
The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
Published: 2019-08-22T13:37:01.000Z
Updated: 2024-08-05T00:42:03.652Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-9497 |
vulnerable | 2026-06-03 14:35:19.910657 |
Details available
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
Published: 2019-10-22T20:34:15.000Z
Updated: 2024-08-06T08:51:05.232Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.