AdPush < 1.44 - Cross-Site Scripting

The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multiple XSS issues. id: CVE-2017-18487 info: name: AdPush 1.44 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The adsense-plugin aka Google AdSense plugin before 1.44 for WordPress has multip...

CVE-2025-68872

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

CVE-2025-68872 WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

CVE-2025-68872

CVE-2025-68872 is a reflected XSS vulnerability in the WordPress plugin “Eli's WordCents adSense Widget with Analytics” (versions

PT-2026-49352

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

WordPress plugin Ad Inserter – Ad Manager & AdSense Ads 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVE-2026-42732 WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

PT-2026-43644

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

Malicious code in react-adsense (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4150 Malicious code in react-adsense (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)

react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...

@hocgin/ui (>=4.0.43 <=4.2.13), ame-miniapp-components (>=1.4.10-beta0 <=1.6.3-beta1) +5 more potentially affected by unknown CVE via react-adsense (=0.1.0)

react-adsense NPM version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-adsense and may be impacted: - @hocgin/ui =4.0.43, =1.4.10-beta0, =0.30.0, =2.0.3 - hello-tea-js =1.0.0 - jie-web =1.0.0 Source cves: unknown CVE Source advisory:...

CVE-2026-2595

The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output escaping of multiple ad metadata parameters. This makes it possible for authenticated attackers,...

CVE-2026-2595

The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output escaping of multiple ad metadata parameters. This makes it possible for authenticated attackers,...

CVE-2026-2595 Quads Ads Manager for Google AdSense <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters

The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output escaping of multiple ad metadata parameters. This makes it possible for authenticated attackers,...

CVE-2026-2595

CVE-2026-2595 affects the WordPress plugin Quads Ads Manager for Google AdSense and its versions up to and including 2.0.98.1. The issue is stored cross-site scripting caused by insufficient input sanitization and output escaping of multiple ad metadata parameters. Authentication with at least Co...

WordPress Quads Ads Manager for Google AdSense plugin <= 2.0.98.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Ad Metadata Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ads by WPQuads versions = 2.0.98.1...

WordPress plugin Quads Ads Manager for Google AdSense 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...