95 matches found
CVE-2025-9988
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...
CVE-2025-9988
CVE-2025-9988 affects the WordPress Broadstreet plugin (versions
CVE-2025-9988 Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...
CVE-2025-9988 Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the createadvertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...
PT-2026-40559
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create...
WordPress plugin Broadstreet 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Broadstreet plugin <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Advertiser Creation vulnerability discovered by greenhats - Student in WordPress Plugin Broadstreet Ads versions = 1.53.1...
Revive Adserver: Banner status override by advertiser‑level users
A vulnerability was reported in Revive Adserver 6.0.6 and earlier, which allowed an advertiser-level user to activate or deactivate a banner without proper permissions. The issue was caused by the banner-edit.php script, which allowed the banner status to be overwritten solely based on banner edi...
Your extensions leak clues about you, so we made sure Browser Guard doesn’t
Did you know you can be profiled based on the browser extensions you use? Advertisers can detect which extensions are installed and use that to build a picture of the kind of user you are. For instance, do you pride yourself on being a good online shopper who never pays full price? Maybe you use ...
Revive Adserver: Missing access control when linking trackers to campaigns
A missing access control check was reported when linking trackers to campaigns through the "campaign-trackers.php" script of Revive Adserver 6.0.6 and earlier. A low-privileged user could link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent...
Revive Adserver: Broken Access Control allows advertiser accounts to delete trackers they do not own
Vulnerability description not provided...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29421)
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
CVE-2025-55126
HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...
CVE-2025-55123
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...
EUVD-2025-198334
HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...
EUVD-2025-198349
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...
CVE-2025-55123
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...
CVE-2025-55123
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users...
CVE-2025-55126
HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...
CVE-2025-55126
HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...