Sensitive Information Exposure in Ad Inserter for WordPress
CVE-2023-4668
7.5 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 20 October 2023
Summary
The Ad Inserter plugin for WordPress, in versions up to and including 2.7.30, is susceptible to a Sensitive Information Exposure vulnerability. The flaw is reachable through the ai-debug-processing-fe URL parameter, which lets unauthorized users read sensitive data such as the active plugins and themes, various plugin settings, and certain server configuration details like memory limits and installation paths. Proper mitigation is essential to prevent unauthorized data access.
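For reviewing past exposure, the added example below (not part of the original advisory or the plugin's code) scans web server access logs for requests that carry the ai-debug-processing-fe parameter. It assumes Combined Log Format; the function name, the sample log lines and the parameter value in them are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

DEBUG_PARAM = "ai-debug-processing-fe"  # parameter named in the advisory

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines: documentation IP ranges, placeholder parameter value.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Oct/2023:10:01:02 +0000] "GET /?ai-debug-processing-fe=1 HTTP/1.1" 200 48211 "-" "curl/8.0"',
    '198.51.100.4 - - [21/Oct/2023:10:02:10 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Oct/2023:10:03:30 +0000] "GET /blog/?p=5&ai%2Ddebug%2Dprocessing%2Dfe HTTP/1.1" 200 51377 "-" "curl/8.0"',
    '192.0.2.9 - - [21/Oct/2023:10:04:00 +0000] "GET /?s=ai-debug-processing-fe HTTP/1.1" 200 7002 "-" "Mozilla/5.0"',
]


def find_debug_requests(lines):
    """Return parsed entries whose query string has DEBUG_PARAM as a parameter name."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not an access-log line in the assumed format
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes names; keep_blank_values keeps a bare "?name".
        names = {name.lower() for name in parse_qs(query, keep_blank_values=True)}
        if DEBUG_PARAM in names:
            hits.append({"ip": m["ip"], "time": m["time"],
                         "target": m["target"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_debug_requests(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["target"])
```

Matching on the decoded parameter name rather than a raw substring catches percent-encoded spellings and skips requests where the string only appears as a value, such as a site search.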
Affected Version(s)
Ad Inserter – Ad Manager & AdSense Ads * <= 2.7.30
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marco Wotschka