Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Ad Inserter

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-22623
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 52.76%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:08
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ad Inserter - Reflected cross-site scripting (XSS)

Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php.

Action-Not Available
Vendor-Ad Inserter
Product-Ad Inserter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49248
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 51.02%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 19:35
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ad Inserter plugin <= 2.7.37 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through <= 2.7.37.

Action-Not Available
Vendor-Spacetime
Product-Ad Inserter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1549
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-5.59% / 90.55%
||
7 Day CHG-0.79%
Published-15 May, 2023 | 12:15
Updated-24 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

Action-Not Available
Vendor-ad_inserter_projectUnknown
Product-ad_inserterAd Inserter
CWE ID-CWE-502
Deserialization of Untrusted Data