Description
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads version 2.4.19 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.4.20 or latest
References
https://www.synacktiv.com/ressources/advisories/WordPress_ad_inserter.pdf
https://plugins.svn.wordpress.org/ad-inserter/trunk/readme.txt
Related Vulnerabilities
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.20)
Moodle Missing Authorization Vulnerability (CVE-2019-10187)
WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.4.1)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-7247)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)