Ad Injection
Approved changes feed: RSS · Atom
cpe:2.3:a:ad_injection_project:ad_injection:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Ad Injection Project (0fa35cc1-0451-5a54-811c-46a32d9d105f) |
|---|---|
| Product | Ad Injection (fc511e4f-5457-50c1-bc7e-6732da3023f6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-0661 |
vulnerable | 2026-06-03 14:45:56.579621 |
Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set.
Published: 2022-04-18T17:10:28.000Z
Updated: 2024-08-02T23:32:46.540Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.