Reflected XSS Vulnerability in Ad Inserter Pro by NotFound
CVE-2025-22680

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ad Inserter Pro
Vendor: CVE Published:; 16 February 2025

Summary

The Ad Inserter Pro plugin by NotFound has a vulnerability that allows attackers to exploit improper neutralization of input during web page generation, leading to reflected cross-site scripting (XSS). This issue could allow unauthorized users to inject malicious scripts into web pages viewed by other users, potentially compromising security and data integrity. Affected users should update to secure versions immediately to mitigate the threat.

Affected Version(s)

Ad Inserter Pro <= 2.7.39

References

https://patchstack.com/database/wordpress/plugin/ad-inser...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)