332 matches found
CVE-2025-6437 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
EUVD-2025-19684
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...
CVE-2025-4380 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...
CVE-2025-4380 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...
CVE-2025-4380
CVE-2025-4380 - Ads Pro Plugin
CVE-2025-6459 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for...
CVE-2025-6459 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for...
CVE-2025-6459
The CVE-2025-6459 entry maps to WordPress Ads Pro Plugin (Multi-Purpose WordPress Advertising Manager) with a Cross-Site Request Forgery flaw in the bsaCreateAdTemplate function across all versions up to 4.89. The root cause is missing or incorrect nonce validation, enabling unauthenticated attac...
CVE-2025-4381
The Ads Pro Plugin (WordPress Ads Pro)
CVE-2025-4689 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion...
CVE-2025-4689 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion...
PT-2025-27587 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89 Description: The issue allows for SQL Injection via the id variable of the getSpace function due to insufficient escaping on the...
PT-2025-27589 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to, and including, 4.89 Description: The issue is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an...
WordPress plugin Ads Pro SQL注入漏洞
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...
PT-2025-27591 · WordPress · Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to 4.89 Description: The issue is related to a time-based SQL injection vulnerability. It occurs due to insufficient escaping of the user-supplied bsa pro id parameter a...
PT-2025-27595 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the bsaCreateAdTemplat...
WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection via oid vulnerability
Unauthenticated SQL Injection via oid vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 4.89...
WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin WidgetKit Pro versions = 1.13.1...
CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-46444
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scripteo Ads Pro ap-plugin-scripteo allows PHP Local File Inclusion.This issue affects Ads Pro: from n/a through = 4.89...