WordPress Plugin Vulnerabilities

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure via the ai-debug-processing-fe URL parameter.

Affects Plugins

Plugin icon
ad-inserter
Fixed in 2.7.31

References

CVE
CVE-2023-4668

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
0cc37def-0c7c-4610-9f25-02ce2c2f6622

Timeline

Publicly Published
2023-09-22 (about 2 years ago)
Added
2023-10-20 (about 2 years ago)
Last Updated
2023-10-20 (about 2 years ago)

Other

Published
Title
Published
2024-04-22
Title
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.1 - Missing Authorization
Published
2026-04-28
Title
Complianz < 7.4.6 - Unauthenticated Private Post Content Disclosure
Published
2024-05-14
Title
Radio Player < 2.0.74 - Missing Authorization
Published
2025-06-05
Title
TicketBAI Facturas para WooCommerce <= 3.45 - Missing Authorization
Published
2025-05-07
Title
Music Player for WooCommerce < 1.6.0 - Missing Authorization