A critical remote code execution vulnerability in WordPress plugin Ad Inserter, let hackers execute arbitrary PHP code in the vulnerable installations. The vulnerability was discovered by Wordfence security team and the vulnerability can be executed only by the authenticated users starting from Subscribers to above user levels. The plugin is used on over 200,000 websites and the functionality of the plugin to insert different kind of ads, opt-in forms and other scripts on the WordPress websites. Users are recommended to update with 2.4.22 right away.”]
Source: https://gbhackers.com/critical-vulnerability-ad-inserter/