Sensitive Information Exposure in Ad Inserter Plugin for WordPress
CVE-2023-4645

5.3 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 19 October 2023

Summary

The Ad Inserter plugin for WordPress is vulnerable to sensitive information exposure in versions up to and including 2.7.30. The flaw is reachable through the ai_ajax function and permits unauthenticated attackers to access sensitive data such as post titles, slugs of protected posts (including their corresponding passwords), usernames, user roles, and the plugin license key if remote debugging is enabled. Remote debugging is disabled by default.

Affected Version(s)

Ad Inserter – Ad Manager & AdSense Ads * <= 2.7.30

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Wotschka