Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
XSS via low-privilege authenticated user requires victim interaction; availability impact is not a realistic primary outcome for ad plugin XSS.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through <= 2.8.11.
AnalysisAI
Cross-site scripting in the Ad Inserter WordPress plugin (Spacetime, versions through 2.8.11) allows authenticated low-privilege users to inject malicious JavaScript into pages served to other site visitors. The CVSS scope-change metric (S:C) confirms the vulnerability crosses the security boundary from the plugin into victims' browser contexts, enabling session theft or unauthorized action execution on behalf of targeted users. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold an authenticated WordPress session with sufficient privilege to access the Ad Inserter plugin configuration - at minimum a low-privilege role such as contributor or editor (CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 base score of 6.5 is supported by the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a contributor or low-privilege author account on a WordPress site running Ad Inserter ≤ 2.8.11 navigates to the plugin's ad configuration interface and injects a malicious JavaScript payload into an ad code block. When an administrator or another authenticated user subsequently visits a page where that ad block renders, their browser executes the injected script - allowing the attacker to steal session cookies, perform authenticated actions as the victim, or escalate privileges to administrator. … |
| Remediation | Update the Ad Inserter plugin to a version beyond 2.8.11. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Ad Inserter
View allThe ad-inserter plugin before 2.4.22 for WordPress has remote code execution. Rated high severity (CVSS 8.8), this vulne
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputtin
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escap
The ad-inserter plugin before 2.4.20 for WordPress has path traversal. Rated high severity (CVSS 7.5), this vulnerabilit
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 v
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 v
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43355