CVE-2023-4668

Name of the Vulnerable Software and Affected Versions The Ad Inserter for WordPress versions up to, and including, 2.7.30

Description The issue allows unauthenticated attackers to extract sensitive data including installed plugins, active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit and installation paths. This is achieved via the ai-debug-processing-fe URL parameter.

Recommendations For versions up to, and including, 2.7.30, consider disabling the ai-debug-processing-fe URL parameter until a patch is available to prevent sensitive information exposure. Restrict access to sensitive data and server settings to minimize the risk of exploitation. Update to a version higher than 2.7.30 when available.