Input Validation Flaw in Ad Inserter - Ad Manager by WordPress
CVE-2025-22623

5.1MEDIUM

Key Information:

Vendor: WordPress
Status: Ad Inserter
Vendor: CVE Published:; 6 March 2025

What is CVE-2025-22623?

The Ad Inserter - Ad Manager and AdSense Ads version 2.8.0 has been identified with an input validation issue that allows it to dynamically generate web content without proper source validation. This could potentially lead to security risks if the generated content includes untrusted data, which may be exploited by attackers to inject harmful scripts or perform unauthorized actions on the website.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ad Inserter 2.8.0

References

https://fluidattacks.com/advisories/skims-8/

third-party-advisory

https://wordpress.org/plugins/ad-inserter/#developers

release-notes

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Jan 7, 2025

JSON

WordPress