← Back to CVEs
CVE-2023-4645
MEDIUM5.3
Description
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/19/2023
Last Modified4/8/2026
Sourcenvd
Honeypot Sightings0
Affected Products
igorfuna:ad_inserter
Weaknesses (CWE)
CWE-862CWE-862
References
https://plugins.trac.wordpress.org/browser/ad-inserter/trunk/ad-inserter.php#L6529(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve(security@wordfence.com)
https://plugins.trac.wordpress.org/browser/ad-inserter/trunk/ad-inserter.php#L6529(af854a3a-2127-422b-91ae-364da2661108)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.