Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical0
High1
Medium5
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2025-11-06

CVE-2025-11745 - Ad Inserter Plugin

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ad Inserter

CVE-2025-11745

MEDIUM CVSS 6.4 2025-11-05
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4668 - Ad Inserter Plugin

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.

PLUGIN Ad Inserter

CVE-2023-4668

MEDIUM CVSS 5.3 2023-10-20
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-4645 - Ad Inserter Plugin

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.

PLUGIN Ad Inserter

CVE-2023-4645

MEDIUM CVSS 5.3 2023-10-19
Open Full Technical Breakdown
Threat Entry Updated 2025-01-24

CVE-2023-1549 - Ad Inserter Plugin

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

PLUGIN Ad Inserter

CVE-2023-1549

HIGH CVSS 7.2 2023-05-15
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0901 - Ad Inserter Plugin

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters

PLUGIN Ad Inserter

CVE-2022-0901

MEDIUM CVSS 6.1 2022-04-04
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0288 - Ad Inserter Plugin

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

PLUGIN Ad Inserter

CVE-2022-0288

MEDIUM CVSS 6.1 2022-02-21
Open Full Technical Breakdown
Scroll to top