WP AdCenter – Ad Manager & Adsense Ads plugin (DC-2024-10113) – Medium

2024-11-20

Platform: WordPress
Version: Up to and including 2.5.7
Vulnerability: Stored Cross-Site Scripting (XSS)
Severity: Medium
Date: November 15, 2024


The WP AdCenter plugin for WordPress is vulnerable to XSS due to insufficient input validation on the `wpadcenter_ad` shortcode. This allows attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts can then be executed by visitors, potentially compromising their data or hijacking their sessions.

What Undercode Says:

This is a medium severity vulnerability that can be exploited by attackers with some access to your website.
Upgrade the WP AdCenter plugin to version 2.5.8 or later to fix the vulnerability.
If you cannot upgrade immediately, take steps to restrict access to the WordPress administration panel to only trusted users.

We recommend that all users of the WP AdCenter plugin update to the latest version as soon as possible.
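The check below is an added example, not code from the plugin or from this advisory: it tests whether an installed version is older than 2.5.8 and lists stored `wpadcenter_ad` shortcodes whose attribute values contain anything other than plain text, so posts saved before the upgrade can be reviewed. The post row layout, the attribute names in the sample and the allowlist are assumptions; the advisory does not name the affected attribute, so every attribute is checked.

```python
import re

FIXED_VERSION = (2, 5, 8)  # advisory: fixed in 2.5.8, affected up to 2.5.7

# [wpadcenter_ad ...] with its raw attribute string captured.
SHORTCODE_RE = re.compile(r"\[wpadcenter_ad\b([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=value
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Assumed allowlist for this audit: word characters and light punctuation only.
PLAIN_VALUE_RE = re.compile(r"[\w\- .,#%]*")

# Constructed sample rows; attribute names are illustrative only.
SAMPLE_POSTS = [
    {"id": 101, "author": "editor-a",
     "content": 'Intro [wpadcenter_ad id=12 align="left"] text'},
    {"id": 102, "author": "contrib-b",
     "content": '[wpadcenter_ad id=12 align="<b>left</b>"]'},
    {"id": 103, "author": "contrib-c", "content": "No ads here."},
]


def is_affected(version):
    """True if a dotted plugin version is older than the fixed release."""
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


def audit_posts(posts):
    """Return (post id, author, attribute, value) for each value to review."""
    findings = []
    for post in posts:
        for match in SHORTCODE_RE.finditer(post["content"]):
            attrs = match.group(1)
            for name, dq, sq, bare in ATTR_RE.findall(attrs):
                value = dq or sq or bare
                if not PLAIN_VALUE_RE.fullmatch(value):
                    findings.append((post["id"], post["author"], name, value))
            # Text that is not a well-formed attribute (e.g. an unclosed
            # quote) is reported as well rather than silently skipped.
            leftover = ATTR_RE.sub("", attrs).strip()
            if leftover:
                findings.append((post["id"], post["author"], "(unparsed)", leftover))
    return findings


if __name__ == "__main__":
    print("2.5.7 affected:", is_affected("2.5.7"))
    for finding in audit_posts(SAMPLE_POSTS):
        print("review:", finding)
```

Each finding identifies the post and its author, which matters here because the advisory puts the required privilege at contributor level.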

References:

Reported By: Nvd.nist.gov