Description
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads version 2.4.19 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.4.20 or latest
References
https://www.synacktiv.com/ressources/advisories/WordPress_ad_inserter.pdf
https://plugins.svn.wordpress.org/ad-inserter/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)
WordPress Plugin UK Cookie Consent Cross-Site Scripting (2.3.9)
WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8)
WordPress Plugin MailCWP Arbitrary File Upload (1.99)
WordPress Plugin Ship To eCourier Cross-Site Request Forgery (1.0.1)