Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3...
6.5AI Score
0.012EPSS
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified...
7.7AI Score
0.559EPSS
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
5.3CVSS
5.1AI Score
0.814EPSS
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
9.8CVSS
9.7AI Score
0.005EPSS