Input Validation Flaw in Ad Inserter - Ad Manager by WordPress
CVE-2025-22623

5.1MEDIUM

Key Information:

Vendor: WordPress
Status: Ad Inserter
Vendor: CVE Published:; 6 March 2025

What is CVE-2025-22623?

The Ad Inserter - Ad Manager and AdSense Ads version 2.8.0 has been identified with an input validation issue that allows it to dynamically generate web content without proper source validation. This could potentially lead to security risks if the generated content includes untrusted data, which may be exploited by attackers to inject harmful scripts or perform unauthorized actions on the website.

Affected Version(s)

Ad Inserter 2.8.0

References

https://fluidattacks.com/advisories/skims-8/

third-party-advisory

https://wordpress.org/plugins/ad-inserter/#developers

release-notes

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Jan 7, 2025