CVE-2023-4668

Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe

CVSS 5.3 MEDIUMEPSS 0.5%CWE-862

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 out 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

spacetime · Ad Inserter – Ad Manager & AdSense Ads

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk https://www.wordfence.com/threat-intel/vulnerabilities/id/ce457c98-c55b-4b71-a80b-393eceb9effd?source=cve