Ad Inserter – Ad Manager & AdSense Ads WordPress Plugin Security Vulnerabilities | WPScan

13

November 30, 2025

300000

Published

2025-11-04

Title

Ad Inserter < 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

Fixed in

Fixed in 2.8.8

CVSS

6.4 (medium)

Published

2025-03-05

Title

Ad Inserter - Ad Manager and AdSense Ads < 2.8.1 - Reflected Cross-Site Scripting

Fixed in

Fixed in 2.8.1

CVSS

6.1 (medium)

Published

2024-10-14

Title

Ad Inserter < 2.7.38 - Reflected Cross-Site Scripting

Fixed in

Fixed in 2.7.38

CVSS

6.1 (medium)

Published

2023-09-22

Title

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure

Fixed in

Fixed in 2.7.31

CVSS

5.3 (medium)

Published

2023-09-22

Title

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure

Fixed in

Fixed in 2.7.31

CVSS

5.3 (medium)

Published

2023-04-19

Title

Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

Fixed in

Fixed in 2.7.27

CVSS

3.3 (low)

Published

2022-03-14

Title

Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

Fixed in

Fixed in 2.7.12

CVSS

3.4 (low)

Published

2022-02-03

Title

Ad Inserter < 2.7.11 - Admin+ RCE / Stored XSS

Fixed in

Fixed in 2.7.11

CVSS

6.6 (medium)

Published

2022-01-24

Title

Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting

Fixed in

Fixed in 2.7.10

CVSS

6.1 (medium)

Published

2019-07-15

Title

Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

Fixed in

Fixed in 2.4.22

CVSS

8.8 (high)

Published

2019-07-12

Title

Ad Inserter <= 2.4.19 - Authenticated Path Traversal

Fixed in

Fixed in 2.4.20

CVSS

7.5 (high)

Published

2015-08-13

Title

Ad Inserter <= 1.5.5 - Authenticated Cross-Site Scripting (XSS)

Fixed in

Fixed in 1.5.6

CVSS

n/a

Published

2015-05-02

Title

Ad Inserter 1.5.2 - CSRF & XSS

Fixed in

Fixed in 1.5.3

CVSS

8.8 (high)