Ad Inserter Project Ad Inserter — known CVE vulnerabilities
Every CVE whose affected-product data names Ad Inserter Project Ad Inserter, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2015-9497 — CVSS 8.8 (high): The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
CVE-2023-1549 — CVSS 7.2 (high): The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users…
CVE-2022-0288 — CVSS 6.1 (medium): The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the…
CVE-2022-0901 — CVSS 6.1 (medium): The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an…
CVE-2023-4668 — CVSS 5.3 (medium): The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the…