cleantalk
Vulnerabilities and Security Researches

Ad Inserter – Ad Manager & AdSense Ads, CVE-2023-4645

CVE, Research URL

CVE-2023-4645

Home page URL

Security reports for Ad Inserter – Ad Manager & AdSense Ads

Application

Ad Inserter – Ad Manager & AdSense Ads

Published on
Oct 19, 2023
Research Description
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.
Affected versions
max 2.7.31.
Status
vulnerable
Previous vulnerability researches
Ad Inserter – Ad Manager & AdSense Ads (CVE-2024-49248) , Oct 18, 2024
Ad Inserter – Ad Manager & AdSense Ads (CVE-2025-22623) , Mar 07, 2025
Ad Inserter – Ad Manager & AdSense Ads (CVE-2022-0288) , Jun 06, 2024
Ad Inserter – Ad Manager & AdSense Ads (CVE-2025-11745) , Nov 11, 2025
Ad Inserter – Ad Manager & AdSense Ads (CVE-2015-9497) , Jun 06, 2024
New vulnerability
Wikipedia Preview (CVE-2025-52738) , Nov 11, 2025
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (CVE-2025-62973) , Nov 11, 2025
GoCache (CVE-2025-62966) , Nov 11, 2025
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc (CVE-2025-62006) , Nov 11, 2025
Ai Auto Tool Content Writing Assistant (Bard Writer, ChatGPT ) All in One (CVE-2025-12156) , Nov 11, 2025