Vulnerabilities > AD Injection Project > AD Injection > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-18 | CVE-2022-0661 | Code Injection vulnerability in AD Injection Project AD Injection 1.2.0.19 The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. | 6.5 |