CVE-2023-4645: 
WordPress vulnerability analysis and mitigation

CVE-2023-4645 affects the Ad Inserter for WordPress plugin in versions up to and including 2.7.30. The vulnerability is related to sensitive information exposure through the ai_ajax function, which allows unauthenticated attackers to extract sensitive data including post titles, slugs (including protected posts and their passwords), usernames, available roles, and the plugin license key when remote debugging is enabled (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 5.3 (MEDIUM). The vulnerability exists in the ai_ajax function of the plugin and can be exploited when the remote debugging option is enabled, though this feature is disabled by default (WPScan).

When exploited, the vulnerability allows unauthenticated attackers to access sensitive information including protected post titles and slugs along with their passwords, usernames, available roles, and the plugin's license key. This information disclosure could potentially be used for further attacks or unauthorized access to protected content (NVD).

The vulnerability has been patched in version 2.7.31 of the Ad Inserter plugin. Users are advised to update to this version or later to protect against potential exploitation (WPScan).