Headline
CVE-2022-32776: WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.
Verified
Fixed
4.8
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 1.31.1
PSID
f310fa25f34a
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-09-28
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Advanced Ads – Ad Manager & AdSense plugin (versions <= 1.31.1).
Solution
Update the WordPress Advanced Ads – Ad Manager & AdSense plugin to the latest available version (at least 1.32.0).
References