1840 matches found
Tube Video Ads Lite - Reflected XSS
Tube Video Ads Lite WordPress plugin = 1.5.7 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craf...
Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...
Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'aid' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
Ads Pro Plugin <= 4.89 - Local File Inclusion
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...
Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export
includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...
CVE-2026-9272
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
CVE-2026-9272
CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...
CVE-2026-9272 Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
CVE-2026-9272
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
CVE-2026-57335
Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...
CVE-2026-57335 WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...
CVE-2026-57335
CVE-2026-57335 concerns the WordPress plugin WPQuads Ads (WPQuads)
EUVD-2026-40106
Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...
WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...
PT-2026-53296
Name of the Vulnerable Software and Affected Versions Ads by WPQuads versions prior to 3.0.4 Description Broken access control allows users with the Subscriber role to perform unauthorized actions. Recommendations Update Ads by WPQuads to version 3.0.4 or later...
CVE-2026-54824
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-54824 WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-54824
Unauthenticated sensitive data exposure affecting the WordPress Ads by WPQuads plugin ≤ 3.0.3. Affected component: the WPQuads Ads plugin for WordPress. Root cause: unspecified in the provided documents; the vulnerability is described as unauthenticated exposure. Impact: sensitive data exposure w...
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidenc...
EUVD-2025-210250
Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...