PhoneSpeck Press Release

Tuesday, July 16, 2019

Critical security vulnerability discovered in Wordpress Ad Inserter plugin

wordpress software

Pete Linforth / Pixabay

Last month, Alert Logic security experts found a bug in a widely used WordPress plugin WP live chat that was fixed immediately after an alert. But this month, July 12, Threat Intelligence team at Wordfence discovered a security weakness that was residing inside a popular WordPress plugin Ad Inserter.

This bug allowed authenticated users (registered with an affected site as low as subscriber) to execute arbitrary PHP code remotely on the websites using the ad management tool Ad inserter. Users are requested to update the said plugin to the never version released 3-days ago after the bug was patched by the plugin developers.

For those who do not know about the Ad Inserter plugin, it is a tool developed for Wordpress software that allows a publisher to manage Google Adsense ads and other types of ads on ad inserter plugin-installed-websites.

The discovered bug (now patched), allows an attacker to add malicious variables to the site's URL and poses a security risk for personal data leaks of an admin managing the affected Wordpress site. Since the flaw has been fixed, plugin developers claim that the latest version 2.4.22 has the ability to prevent such attacks.


Read other related articles

Also read other articles

© Copyright 2019 PhoneSpeck | All Right Reserved