Sensitive Information Exposure in Ad Inserter Plugin for WordPress
CVE-2023-4645
5.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 19 October 2023
Summary
The Ad Inserter plugin for WordPress is vulnerable to sensitive information exposure in versions up to and including 2.7.30. The flaw is reachable through the ai_ajax function and lets unauthenticated attackers access sensitive data such as post titles, slugs of protected posts (including their corresponding passwords), usernames, user roles, and the plugin license key if remote debugging is enabled; remote debugging is typically disabled by default.
Affected Version(s)
Ad Inserter – Ad Manager & AdSense Ads * <= 2.7.30
References
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marco Wotschka