First published: Mon Jun 06 2022(Updated: )
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Wp Simple Adsense Insertion | <2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for WP Simple Adsense Insertion WordPress plugin is CVE-2022-1695.
The severity of CVE-2022-1695 is medium with a CVSS score of 4.3.
CVE-2022-1695 allows an attacker to trick a logged-in user to manipulate ads and inject arbitrary JavaScript via submitting a form on the plugin's admin page.
The vulnerability in WP Simple Adsense Insertion WordPress plugin can be fixed by updating to version 2.1.1 or later.
More information about CVE-2022-1695 can be found at this reference: https://wpscan.com/vulnerability/2ac5b87b-1390-41ce-af6e-c50e5709baaa