🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Ad Inserter – Ad Manager & AdSense Ads

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Ad Inserter – Ad Manager & AdSense Ads

Information

Software Type	Plugin
Software Slug	ad-inserter (view on wordpress.org)
Software Status	Active
Software Author	spacetime
Software Website	adinserter.pro
Software Downloads	14,969,007
Software Active Installs	300,000
Software Record Last Updated	May 19, 2024

10 Vulnerabilities

Ad Inserter – Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting

8.8

CVE-2015-9497

May 2, 2015

Researcher: Kaustubh G. Padwad

Ad Inserter <= 1.5.5 - Cross-Site Request Forgery to Cross-Site Scripting

4.8

CVE ID Unknown

Aug 13, 2015

Researcher: Marcin Probola

Ad Inserter <= 2.4.19 - Authenticated Path Traversal

7.5

CVE-2019-15323

Jul 12, 2019

Researcher: Wilfried Becard

Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

8.8

CVE-2019-15324

Jul 15, 2019

Researcher: Sean Murphy

Ad Inserter <= 2.7.9 - Reflected Cross-Site Scripting

6.1

CVE-2022-0288

Jan 24, 2022

Researcher: Krzysztof Zając

Ad Inserter < 2.7.11 - Authenticated (Admin+) Remote Code Execution

7.2

CVE ID Unknown

Feb 3, 2022

Researcher: Viktor Markopoulos

Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting

6.1

CVE-2022-0901

Apr 7, 2022

Researcher: Taurus Omar

Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection

7.2

CVE-2023-1549

Apr 19, 2023

Researcher: Nguyen Huu Do

Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe

5.3

CVE-2023-4668

Sep 22, 2023

Researcher: Marco Wotschka

Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax

5.3

CVE-2023-4645

Sep 22, 2023

Researcher: Marco Wotschka

Title	Status	CVE ID	CVSS	Researchers	Date
Ad Inserter – Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting	Patched	CVE-2015-9497	8.8	Kaustubh G. Padwad	May 2, 2015
Ad Inserter <= 1.5.5 - Cross-Site Request Forgery to Cross-Site Scripting	Patched		4.8	Marcin Probola	August 13, 2015
Ad Inserter <= 2.4.19 - Authenticated Path Traversal	Patched	CVE-2019-15323	7.5	Wilfried Becard	July 12, 2019
Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution	Patched	CVE-2019-15324	8.8	Sean Murphy	July 15, 2019
Ad Inserter <= 2.7.9 - Reflected Cross-Site Scripting	Patched	CVE-2022-0288	6.1	Krzysztof Zając	January 24, 2022
Ad Inserter < 2.7.11 - Authenticated (Admin+) Remote Code Execution	Patched		7.2	Viktor Markopoulos	February 3, 2022
Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting	Patched	CVE-2022-0901	6.1	Taurus Omar	April 7, 2022
Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection	Patched	CVE-2023-1549	7.2	Nguyen Huu Do	April 19, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe	Patched	CVE-2023-4668	5.3	Marco Wotschka	September 22, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax	Patched	CVE-2023-4645	5.3	Marco Wotschka	September 22, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation