CVE-2023-1549

Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

CVSS 7.2 HIGH · EPSS 16.9%
Vexday Risk Score
26 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2 · EPSS 16.9% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
15 May 2023 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · Ad Inserter