CVE-2022-1695

CVE-2022-1695: WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF

Vendor Unknown

Product WP Simple Adsense Insertion

Weakness CWE-352 · CSRF

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.

Key dates

Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated