Level 36
A critical security issue found in the Ad Inserter WordPress plugin currently installed on over 200,000 websites allows authenticated attackers to remotely execute PHP code.
Ad Inserter is an "ad management plugin with many advanced advertising features to insert ads at optimal positions" and it comes with support for "all kinds of ads including Google AdSense, Google Ad Manager (DFP – DoubleClick for publishers), contextual Amazon Native Shopping Ads, and rotating banners."