CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/27 9:49 a.m.•22 views

CVE-2026-42732 WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS0.00068EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43644

6.5CVSS5.8AI score0.00068EPSS

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in react-adsense (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References5

vulnersOsv•added 2026/05/19 12:0 a.m.•4 views

@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)

react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...

5.8AI score

Exploits0

OSV•added 2026/05/19 12:0 a.m.•1 views

MAL-2026-4150 Malicious code in react-adsense (npm)

5.8AI score

Exploits0References5

RedhatCVE•added 2026/03/29 5:3 p.m.•1 views

CVE-2026-2595

The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output escaping of multiple ad metadata parameters. This makes it possible for authenticated attackers,...

5.4CVSS6AI score0.00034EPSS

NVD•added 2026/03/28 12:16 p.m.•0 views

CVE-2026-2595

5.4CVSS0.00034EPSS

CVE•added 2026/03/28 11:26 a.m.•6 views

CVE-2026-2595

CVE-2026-2595 affects the WordPress plugin Quads Ads Manager for Google AdSense and its versions up to and including 2.0.98.1. The issue is stored cross-site scripting caused by insufficient input sanitization and output escaping of multiple ad metadata parameters. Authentication with at least Co...

5.4CVSS6AI score0.00034EPSS

Cvelist•added 2026/03/28 11:26 a.m.•31 views

CVE-2026-2595 Quads Ads Manager for Google AdSense <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters

5.4CVSS0.00034EPSS

Patchstack•added 2026/03/28 1:45 a.m.•2 views

WordPress Quads Ads Manager for Google AdSense plugin <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ads by WPQuads versions = 2.0.98.1...

5.4CVSS5.9AI score0.00034EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/03/28 12:0 a.m.•1 views

PT-2026-28343

Name of the Vulnerable Software and Affected Versions Quads Ads Manager for Google AdSense plugin for WordPress versions through 2.0.98.1 Description The Quads Ads Manager for Google AdSense plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization an...

5.4CVSS6AI score0.00034EPSS

Exploits0References4

CNNVD•added 2026/03/28 12:0 a.m.•3 views

WordPress plugin Quads Ads Manager for Google AdSense 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.4CVSS5.7AI score0.00034EPSS

RedhatCVE•added 2026/02/20 7:22 a.m.•2 views

CVE-2025-13413

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS5.4AI score0.00016EPSS

NVD•added 2026/02/19 7:17 a.m.•3 views

CVE-2025-13413

4.3CVSS0.00016EPSS

Vulnrichment•added 2026/02/19 4:36 a.m.•1 views

CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.4AI score0.00016EPSS

CVE•added 2026/02/19 4:36 a.m.•6 views

CVE-2025-13413

CVE-2025-13413 (Country Blocker for AdSense) is a CSRF vulnerability in WordPress plugin versions up to 1.0 due to missing nonce validation in the CBFA_guardar_cbfa() function, enabling unauthenticated attackers to trigger settings updates by tricking an admin. Public details indicate the issue a...

4.3CVSS5.4AI score0.00016EPSS

Cvelist•added 2026/02/19 4:36 a.m.•27 views

CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00016EPSS

CNNVD•added 2026/02/19 12:0 a.m.•4 views

WordPress plugin Country Blocker for AdSense 跨站请求伪造漏洞

4.3CVSS5.7AI score0.00016EPSS