Skip to main content

Ad Inserter

8 CVEs product

Monthly

CVE-2026-57693 MEDIUM This Month

Cross-site scripting in the Ad Inserter WordPress plugin (Spacetime, versions through 2.8.11) allows authenticated low-privilege users to inject malicious JavaScript into pages served to other site visitors. The CVSS scope-change metric (S:C) confirms the vulnerability crosses the security boundary from the plugin into victims' browser contexts, enabling session theft or unauthorized action execution on behalf of targeted users. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a moderate-priority category for WordPress operators running affected versions.

XSS Ad Inserter
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4668 MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure WordPress Authentication Bypass Ad Inserter
NVD VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4645 MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Ad Inserter
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-1549 HIGH POC THREAT This Week

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Ad Inserter
NVD WPScan
CVSS 3.1
7.2
EPSS
16.9%
CVE-2022-0901 MEDIUM POC This Month

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ad Inserter
NVD WPScan
CVSS 3.1
6.1
EPSS
3.5%
CVE-2022-0288 MEDIUM POC This Month

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ad Inserter Pro Ad Inserter
NVD WPScan
CVSS 3.1
6.1
EPSS
2.4%
CVE-2019-15324 HIGH POC This Week

The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Ad Inserter
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2019-15323 HIGH This Week

The ad-inserter plugin before 2.4.20 for WordPress has path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Ad Inserter
NVD
CVSS 3.1
7.5
EPSS
2.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Cross-site scripting in the Ad Inserter WordPress plugin (Spacetime, versions through 2.8.11) allows authenticated low-privilege users to inject malicious JavaScript into pages served to other site visitors. The CVSS scope-change metric (S:C) confirms the vulnerability crosses the security boundary from the plugin into victims' browser contexts, enabling session theft or unauthorized action execution on behalf of targeted users. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a moderate-priority category for WordPress operators running affected versions.

XSS Ad Inserter
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure WordPress Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress +1
NVD VulDB
EPSS 17% CVSS 7.2
HIGH POC THREAT This Week

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP +1
NVD WPScan
EPSS 4% CVSS 6.1
MEDIUM POC This Month

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ad Inserter
NVD WPScan
EPSS 2% CVSS 6.1
MEDIUM POC This Month

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ad Inserter Pro +1
NVD WPScan
EPSS 4% CVSS 8.8
HIGH POC This Week

The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Ad Inserter
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The ad-inserter plugin before 2.4.20 for WordPress has path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Ad Inserter
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy