Vulnerabilities and security researches forad-inserter ad-inserter

Direction: ascending

Jun 06, 2024

Ad Inserter – Ad Manager & AdSense Ads # CVE-2022-0288

CVE, Research URL: CVE-2022-0288
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Feb 21, 2022
Research Description: The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Affected versions: max 2.7.12.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2015-9497

CVE, Research URL: CVE-2015-9497
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Oct 23, 2019
Research Description: The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
Affected versions: max 1.5.3.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2022-0901

CVE, Research URL: CVE-2022-0901
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Apr 04, 2022
Research Description: The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Affected versions: max 1.5.6.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2019-15323

CVE, Research URL: CVE-2019-15323
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Aug 22, 2019
Research Description: The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
Affected versions: max 2.4.20.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2019-15324

CVE, Research URL: CVE-2019-15324
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Aug 22, 2019
Research Description: The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
Affected versions: max 2.4.22.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2023-1549

CVE, Research URL: CVE-2023-1549
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: May 15, 2023
Research Description: The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
Affected versions: max 2.7.27.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2023-4668

CVE, Research URL: CVE-2023-4668
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Oct 20, 2023
Research Description: The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.
Affected versions: max 2.7.31.
Status: vulnerable

Ad Inserter – Ad Manager & AdSense Ads # CVE-2023-4645

CVE, Research URL: CVE-2023-4645
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Oct 19, 2023
Research Description: The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.
Affected versions: max 2.7.31.
Status: vulnerable

Oct 18, 2024

Ad Inserter – Ad Manager & AdSense Ads # CVE-2024-49248

CVE, Research URL: CVE-2024-49248
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Oct 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37.
Affected versions: max 2.7.38.
Status: vulnerable

Mar 07, 2025

Ad Inserter – Ad Manager & AdSense Ads # CVE-2025-22623

CVE, Research URL: CVE-2025-22623
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Mar 06, 2025
Research Description: Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php.
Affected versions: max 2.8.1.
Status: vulnerable

Nov 11, 2025

Ad Inserter – Ad Manager & AdSense Ads # CVE-2025-11745

CVE, Research URL: CVE-2025-11745
Home page URL: Security reports for Ad Inserter – Ad Manager & AdSense Ads
Application: Ad Inserter – Ad Manager & AdSense Ads
Date: Nov 05, 2025
Research Description: The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.8.8.
Status: vulnerable

Vulnerabilities and security researches forad-inserter ad-inserter

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2022-0288

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2015-9497

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2022-0901

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2019-15323

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2019-15324

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2023-1549

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2023-4668

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2023-4645

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2024-49248

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2025-22623

Ad Inserter &#8211; Ad Manager &amp; AdSense Ads # CVE-2025-11745

Ad Inserter – Ad Manager & AdSense Ads # CVE-2022-0288

Ad Inserter – Ad Manager & AdSense Ads # CVE-2015-9497

Ad Inserter – Ad Manager & AdSense Ads # CVE-2022-0901

Ad Inserter – Ad Manager & AdSense Ads # CVE-2019-15323

Ad Inserter – Ad Manager & AdSense Ads # CVE-2019-15324

Ad Inserter – Ad Manager & AdSense Ads # CVE-2023-1549

Ad Inserter – Ad Manager & AdSense Ads # CVE-2023-4668

Ad Inserter – Ad Manager & AdSense Ads # CVE-2023-4645

Ad Inserter – Ad Manager & AdSense Ads # CVE-2024-49248

Ad Inserter – Ad Manager & AdSense Ads # CVE-2025-22623

Ad Inserter – Ad Manager & AdSense Ads # CVE-2025-11745