WordPress Plugin Vulnerabilities

Advanced ads Management <= 1.3 - Authenticated Stored Cross-Site Scripting (XSS)

Description

Any authenticated user, including authors, can embed JavaScript via the 'HTML Codes' functionality when creating a new add. Embedding JavaScript should be restricted to users with the 'unfiltered_html' capability.

Affects Plugins

Plugin icon
inazo-advanced-ads-management
Fixed in 1.4

References

URL
https://plugins.trac.wordpress.org/changeset/1513480/inazo-advanced-ads-management

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Usman Nasir
Submitter website
http://cyberpersons.com
Submitter twitter
ranausmannasir
Verified
No
WPVDB ID
63dad79a-aa7a-4607-afe4-e1c218b31da6

Timeline

Publicly Published
2016-09-06 (about 9 years ago)
Added
2016-09-16 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-06-06
Title
Kenta Blocks – Responsive Blocks and block templates library < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-11-28
Title
Chart Builder < 1.9.7 - Admin+ Stored XSS
Published
2025-05-21
Title
Hot Random Image < 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter
Published
2024-05-23
Title
SEOPress < 7.6 - Contributor+ Stored XSS
Published
2024-10-29
Title
Beaver Builder – WordPress Page Builder < 2.8.4.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget