MEDIUM
spacetime
CVE published 2026-07-03
CVE-2026-11900
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference, allowing authenticated attackers with Contributor-level access and above to read the full content of arbitrary posts, including Private, Draft, Pending, Trashed, and password-protected posts owned by other users. This is due to insufficient authorization checks in the replace_ai_tags() functi [truncated]