Search criteria
2 vulnerabilities found for wp_simple_adsense_insertion by tipsandtricks-hq
CVE-2022-1695 (GCVE-0-2022-1695)
Vulnerability from nvd – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI
Title
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
Summary
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/2ac5b87b-1390-41… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Simple Adsense Insertion |
Affected:
2.1 , < 2.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Simple Adsense Insertion",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:30.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Simple Adsense Insertion \u003c 2.1 - Inject ads and javascript via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1695",
"STATE": "PUBLIC",
"TITLE": "WP Simple Adsense Insertion \u003c 2.1 - Inject ads and javascript via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Simple Adsense Insertion",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1695",
"datePublished": "2022-06-06T08:51:30.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1695 (GCVE-0-2022-1695)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI
Title
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
Summary
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/2ac5b87b-1390-41… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Simple Adsense Insertion |
Affected:
2.1 , < 2.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Simple Adsense Insertion",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:30.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Simple Adsense Insertion \u003c 2.1 - Inject ads and javascript via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1695",
"STATE": "PUBLIC",
"TITLE": "WP Simple Adsense Insertion \u003c 2.1 - Inject ads and javascript via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Simple Adsense Insertion",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1695",
"datePublished": "2022-06-06T08:51:30.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}