Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 – Unauthenticated Sensitive Information Exposure | CVE 2023-4645

Affects Plugins

ad-inserter

Fixed in 2.7.31

References

CVE

CVE-2023-4645

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Marco Wotschka

Verified

No

WPVDB ID

92a5a21d-e97e-4b4a-9209-3ecacbc46e54

Timeline

Publicly Published

2023-09-22 (about 2 years ago)

Added

2023-10-20 (about 2 years ago)

Last Updated

2023-10-20 (about 2 years ago)

Other

Published

Title

Published

2024-02-07

Title

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in disableOptimization

Published

2026-01-03

Title

Don Peppe <= 1.3 - Missing Authorization

Published

2025-12-26

Title

Themebeez Toolkit <= 1.3.5 - Missing Authorization

Published

2023-01-16

Title

Stream < 3.9.2 - Subscriber+ Alert Creation

Published

2024-11-15

Title

Customer Reviews for WooCommerce < 5.62.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation