Scripteo Ads Pro vulnerabilities
10 known vulnerabilities affecting scripteo/ads_pro.
Total CVEs
10
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH6MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-5339P1HIGHCVSS 7.5Exploited≤ 4.892025-07-02
CVE-2025-5339 [HIGH] CWE-89 CVE-2025-5339: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauth
nvd
CVE-2025-4380P1CRITICALCVSS 9.8PoC≤ 4.892025-07-02
CVE-2025-4380 [CRITICAL] CWE-98 CVE-2025-4380: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowi
nvd
CVE-2024-13322P2HIGHCVSS 7.5PoCfixed in 4.892025-05-02
CVE-2024-13322 [HIGH] CWE-89 CVE-2024-13322: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attac
nvd
CVE-2025-4689P2CRITICALCVSS 9.8≤ 4.892025-07-02
CVE-2025-4689 [CRITICAL] CWE-98 CVE-2025-4689: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This m
nvd
CVE-2025-6437P3HIGHCVSS 7.5≤ 4.892025-07-02
CVE-2025-6437 [HIGH] CWE-89 CVE-2025-6437: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacker
nvd
CVE-2025-4381P3HIGHCVSS 7.5≤ 4.892025-07-02
CVE-2025-4381 [HIGH] CWE-89 CVE-2025-4381: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo
nvd
CVE-2025-6459P3HIGHCVSS 8.8≤ 4.892025-07-02
CVE-2025-6459 [HIGH] CWE-352 CVE-2025-6459: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP cod
nvd
CVE-2025-46444P3HIGHCVSS 8.1≤ 4.892025-05-23
CVE-2025-46444 [HIGH] CWE-98 CVE-2025-46444: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows PHP Local File Inclusion.This issue affects Ads Pro: from n/a through <= 4.89.
nvd
CVE-2026-25388P4MEDIUMCVSS 5.4≤ 5.02026-02-19
CVE-2026-25388 [MEDIUM] CWE-862 CVE-2026-25388: Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorre
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
nvd
CVE-2025-46464P4MEDIUMCVSS 6.5≤ 5.02025-05-16
CVE-2025-46464 [MEDIUM] CWE-79 CVE-2025-46464: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Stored XSS.This issue affects Ads Pro: from n/a through <= 5.0.
nvd