AD Inserter
by WordPress
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9497 | | Hig | 0.57 | 8.8 | 0.01 | | Oct 22, 2019 | The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. |
| CVE-2019-15324 | | Hig | 0.57 | 8.8 | 0.04 | | Aug 22, 2019 | The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. |
| CVE-2019-15323 | | Hig | 0.49 | 7.5 | 0.02 | | Aug 22, 2019 | The ad-inserter plugin before 2.4.20 for WordPress has path traversal. |
| CVE-2023-1549 | | Hig | 0.48 | 7.2 | 0.17 | | May 15, 2023 | The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present |
| CVE-2025-27296 | | Hig | 0.47 | 7.2 | 0.00 | | Feb 24, 2025 | Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and… |
| CVE-2024-49248 | | Hig | 0.46 | 7.1 | 0.00 | | Oct 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Reflected XSS. This issue affects Ad Inserter: from n/a through <= 2.7.37. |
| CVE-2026-9280 | | Med | 0.40 | 6.1 | 0.00 | | Jun 6, 2026 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for… |
| CVE-2022-0901 | | Med | 0.40 | 6.1 | 0.04 | | Apr 4, 2022 | The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters |
| CVE-2022-0288 | | Med | 0.40 | 6.1 | 0.02 | | Feb 21, 2022 | The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting |
| CVE-2023-4645 | | Med | 0.35 | 5.3 | 0.01 | | Oct 19, 2023 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts… |
| CVE-2023-4668 | | Med | 0.34 | 5.3 | 0.01 | | Oct 20, 2023 | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and… |
| CVE-2025-22623 | | Med | 0.33 | — | 0.00 | | Mar 6, 2025 | Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php. |