WordPress Ad Inserter Plugin < 2.4.22 Remote Code Execution Vulnerability
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The WordPress plugin Ad Inserter is prone to an authenticated remote code execution vulnerability.
Insight
The vulnerability stems from the use of check_admin_referer() for authorization, although that function was designed specifically to protect WordPress sites against cross-site request forgery (CSRF) by validating nonces, the one-time tokens that reject expired and replayed requests. An authenticated attacker who obtains a valid nonce can therefore pass the check_admin_referer() checks and reach the debug mode provided by the Ad Inserter plugin. With a nonce in hand, the attacker can immediately trigger the debugging feature and, more dangerously, abuse the ad preview feature by submitting a payload containing arbitrary PHP code.
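The pattern described above, as an added illustration that is not Ad Inserter's own code: a WordPress AJAX handler that relies on the nonce check alone, beside the hardened form that keeps the nonce check for CSRF and adds an explicit capability check. The action name `example_ad_preview` and the helper `example_render_preview()` are hypothetical placeholders for the privileged operation.

```php
<?php
// Added example; not code from the Ad Inserter plugin. The action name
// "example_ad_preview" and the helper example_render_preview() are
// hypothetical. example_render_preview() stands for whatever privileged
// operation the handler protects (here: rendering an ad preview from
// user-supplied code).

// How the nonce is normally issued: it is bound to the logged-in user and
// the action, not to a role or capability. Any authenticated user who is
// handed a valid nonce (e.g. from a page that prints it) can replay it.
function example_preview_nonce_field() {
    wp_nonce_field( 'example_ad_preview', '_wpnonce' );
}

// WEAK: check_admin_referer() only proves the request was not forged from
// another site. It does not say anything about who the user is, so a
// low-privileged authenticated user with a nonce reaches the privileged code.
function example_weak_preview_handler() {
    check_admin_referer( 'example_ad_preview', '_wpnonce' );   // CSRF check only
    $ad_code = wp_unslash( $_POST['ad_code'] ?? '' );
    example_render_preview( $ad_code );                        // privileged operation
    wp_die();
}

// HARDENED: keep the nonce check (CSRF) and add an authorization check.
// 'manage_options' is the administrator capability; pick the narrowest
// capability that matches the feature being protected.
function example_hardened_preview_handler() {
    check_admin_referer( 'example_ad_preview', '_wpnonce' );   // CSRF check
    if ( ! current_user_can( 'manage_options' ) ) {            // authorization check
        wp_die( 'Insufficient permissions', 'Forbidden', array( 'response' => 403 ) );
    }
    $ad_code = wp_unslash( $_POST['ad_code'] ?? '' );
    example_render_preview( $ad_code );
    wp_die();
}

// Register only the hardened handler for the hypothetical AJAX action.
add_action( 'wp_ajax_example_ad_preview', 'example_hardened_preview_handler' );
```

When reviewing a plugin for this class of flaw, search every handler reachable by authenticated users (`wp_ajax_*` actions, `admin-post.php` handlers, REST routes) and confirm that each one pairs its nonce validation with a `current_user_can()` call; a nonce check standing alone is a CSRF control, not an access control.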
Affected Software
WordPress Ad Inserter plugin before version 2.4.22.
Solution
Update to version 2.4.22 or later.