Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

Affects Plugin

Fixed in version 2.4.22

References

CVE 2019-15324
URL https://www.wordfence.com/blog/2019/07/critical-vulnerability-patched-in-ad-inserter-plugin/
URL https://plugins.trac.wordpress.org/changeset/2122577/ad-inserter

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Original Researcher Sean Murphy (Wordfence)
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 3325
Verified No
WPVDB ID 9455

Timeline

Publicly Published 2019-07-15
Added 2019-07-15
Last Updated 2019-08-22
