CVE-2024-13322

CVE-2024-13322 describes an unauthenticated SQL injection in the WordPress Ads Pro Plugin (Multi-Purpose Advertising Manager) up to version 4.88. The root cause is insufficient escaping of the a_id parameter and lack of proper preparation in the existing SQL query, allowing attackers to append ad...

CVE-2025-4380

CVE-2025-4380 - Ads Pro Plugin

CVE-2025-6459

The CVE-2025-6459 entry maps to WordPress Ads Pro Plugin (Multi-Purpose WordPress Advertising Manager) with a Cross-Site Request Forgery flaw in the bsaCreateAdTemplate function across all versions up to 4.89. The root cause is missing or incorrect nonce validation, enabling unauthenticated attac...

CVE-2025-5339

CVE-2025-5339 is an unauthenticated time-based SQL Injection in the Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager for WordPress, affected through version 4.89. The root cause is insufficient escaping of the bsa_pro_id parameter and inadequate SQL query preparation, allowing attacke...

CVE-2025-4689

The CVE-2025-4689 entry concerns Ads Pro Plugin for WordPress (Advertising Manager). The connected sources confirm a vulnerability chain: an unauthenticated Local File Inclusion (LFI) that can lead to Remote Code Execution (RCE), triggered by a prior SQL Injection, within all versions up to 4.89....

CVE-2025-4381

The Ads Pro Plugin (WordPress Ads Pro)

CVE-2025-6437

CVE-2025-6437 affects the WordPress plugin "Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager". Vulnerable in all versions up to 4.89 due to insufficient escaping of the user-supplied parameter and inadequate SQL query preparation for the oid input, allowing unauthenticated attackers t...