The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.
References
Configurations
History
21 Nov 2024, 08:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/ad-inserter/trunk/ad-inserter.php#L6529 - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk - Third Party Advisory | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve - Third Party Advisory |
25 Oct 2023, 15:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:igorfuna:ad_inserter:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-862 | |
First Time |
Igorfuna ad Inserter
Igorfuna |
|
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/browser/ad-inserter/trunk/ad-inserter.php#L6529 - Patch | |
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk - Third Party Advisory |
19 Oct 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 02:15
Updated : 2024-11-21 08:35
NVD link : CVE-2023-4645
Mitre link : CVE-2023-4645
CVE.ORG link : CVE-2023-4645
JSON object : View
Products Affected
igorfuna
- ad_inserter
CWE
CWE-862
Missing Authorization