VYPR

AD Inserter

by WordPress

Source repositories

CVEs (12)

  • CVE-2015-9497HigOct 22, 2019
    risk 0.57cvss 8.8epss 0.01

    The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.

  • CVE-2019-15324HigAug 22, 2019
    risk 0.57cvss 8.8epss 0.04

    The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.

  • CVE-2019-15323HigAug 22, 2019
    risk 0.49cvss 7.5epss 0.02

    The ad-inserter plugin before 2.4.20 for WordPress has path traversal.

  • CVE-2023-1549HigMay 15, 2023
    risk 0.48cvss 7.2epss 0.17

    The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

  • CVE-2025-27296HigFeb 24, 2025
    risk 0.47cvss 7.2epss 0.00

    Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Ad Inserter – Increase Google Adsense and…

  • CVE-2024-49248HigOct 17, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through <= 2.7.37.

  • CVE-2026-9280MedJun 6, 2026
    risk 0.40cvss 6.1epss 0.00

    The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2022-0901MedApr 4, 2022
    risk 0.40cvss 6.1epss 0.04

    The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters

  • CVE-2022-0288MedFeb 21, 2022
    risk 0.40cvss 6.1epss 0.02

    The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

  • CVE-2023-4645MedOct 19, 2023
    risk 0.35cvss 5.3epss 0.01

    The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts…

  • CVE-2023-4668MedOct 20, 2023
    risk 0.34cvss 5.3epss 0.01

    The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and…

  • CVE-2025-22623MedMar 6, 2025
    risk 0.33cvss epss 0.00

    Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php.