CVE-2015-9497

Name of the Vulnerable Software and Affected Versions ad-inserter plugin versions prior to 1.5.3

Description The issue concerns a CSRF vulnerability with resultant XSS in the ad-inserter plugin for WordPress. This can be exploited via the "wp-admin/options-general.php?page=ad-inserter.php" endpoint.

Recommendations For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php?page=ad-inserter.php" endpoint to minimize the risk of exploitation.