Filtered by vendor Ad Inserter Project
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1549 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-02-04 | N/A | 7.2 HIGH |
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | |||||
CVE-2022-0901 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | |||||
CVE-2022-0288 | 2 Ad Inserter Pro Project, Ad Inserter Project | 2 Ad Inserter Pro, Ad Inserter | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2015-9497 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | |||||
CVE-2019-15324 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. | |||||
CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The ad-inserter plugin before 2.4.20 for WordPress has path traversal. |