Lucene search
K

332 matches found

Cvelist
Cvelist
added 2025/07/02 3:47 a.m.8 views

CVE-2025-6437 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated SQL Injection via oid

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

7.5CVSS0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2025/07/02 3:47 a.m.9 views

EUVD-2025-19684

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS7.5AI score0.28162EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/02 3:47 a.m.15 views

CVE-2025-4380 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

8.1CVSS0.28162EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/02 3:47 a.m.7 views

CVE-2025-4380 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

8.1CVSS8.1AI score0.28162EPSS
Exploits1References2
CVE
CVE
added 2025/07/02 3:47 a.m.68 views

CVE-2025-4380

CVE-2025-4380 - Ads Pro Plugin

9.8CVSS8.1AI score0.28162EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/02 3:47 a.m.5 views

CVE-2025-6459 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for...

8.8CVSS7.5AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/02 3:47 a.m.10 views

CVE-2025-6459 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplate

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for...

8.8CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2025/07/02 3:47 a.m.37 views

CVE-2025-6459

The CVE-2025-6459 entry maps to WordPress Ads Pro Plugin (Multi-Purpose WordPress Advertising Manager) with a Cross-Site Request Forgery flaw in the bsaCreateAdTemplate function across all versions up to 4.89. The root cause is missing or incorrect nonce validation, enabling unauthenticated attac...

8.8CVSS7.3AI score0.00167EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/07/02 3:47 a.m.28 views

CVE-2025-4381

The Ads Pro Plugin (WordPress Ads Pro)

7.5CVSS7.8AI score0.00327EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/02 3:47 a.m.28 views

CVE-2025-4689 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion...

9.8CVSS0.00531EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/02 3:47 a.m.7 views

CVE-2025-4689 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Execution

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion...

9.8CVSS9.2AI score0.00531EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.5 views

PT-2025-27587 · WordPress · The Ads Pro Plugin

Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89 Description: The issue allows for SQL Injection via the id variable of the getSpace function due to insufficient escaping on the...

7.5CVSS6.9AI score0.00327EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.7 views

PT-2025-27589 · WordPress · The Ads Pro Plugin

Name of the Vulnerable Software and Affected Versions: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to, and including, 4.89 Description: The issue is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an...

9.8CVSS7.8AI score0.00531EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/02 12:0 a.m.6 views

WordPress plugin Ads Pro SQL注入漏洞

WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...

7.5CVSS7.7AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.7 views

PT-2025-27591 · WordPress · Ads Pro Plugin

Name of the Vulnerable Software and Affected Versions: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to 4.89 Description: The issue is related to a time-based SQL injection vulnerability. It occurs due to insufficient escaping of the user-supplied bsa pro id parameter a...

7.5CVSS6.9AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.8 views

PT-2025-27595 · WordPress · The Ads Pro Plugin

Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the bsaCreateAdTemplat...

8.8CVSS6.8AI score0.00167EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/07/01 10:37 p.m.8 views

WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection via oid vulnerability

Unauthenticated SQL Injection via oid vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 4.89...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/12 12:58 p.m.7 views

WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin WidgetKit Pro versions = 1.13.1...

7.1CVSS5.9AI score0.00146EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/06/10 4:23 a.m.54 views

CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00169EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.9 views

CVE-2025-46444

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scripteo Ads Pro ap-plugin-scripteo allows PHP Local File Inclusion.This issue affects Ads Pro: from n/a through = 4.89...

8.1CVSS5.9AI score0.00669EPSS
Exploits0References1
Rows per page
Query Builder