Scripteo Ads Pro Plugin Multi-Purpose Wordpress Advertising Manager vulnerabilities
8 known vulnerabilities affecting scripteo/ads_pro_plugin_multi-purpose_wordpress_advertising_manager.
Total CVEs
8
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH6
Vulnerabilities
Page 1 of 1
CVE-2025-5339P1HIGHCVSS 7.5Exploited≤ 4.892025-07-02
CVE-2025-5339 [HIGH] CWE-89 CVE-2025-5339: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauth
nvd
CVE-2025-4380P1CRITICALCVSS 9.8PoC≤ 4.892025-07-02
CVE-2025-4380 [CRITICAL] CWE-98 CVE-2025-4380: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowi
nvd
CVE-2024-13322P2HIGHCVSS 7.5PoC≤ 4.882025-05-02
CVE-2024-13322 [HIGH] CWE-89 CVE-2024-13322: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attac
nvd
CVE-2025-4689P2CRITICALCVSS 9.8≤ 4.892025-07-02
CVE-2025-4689 [CRITICAL] CWE-98 CVE-2025-4689: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This m
nvd
CVE-2025-7402P3HIGHCVSS 7.5≤ 4.952025-11-24
CVE-2025-7402 [HIGH] CWE-89 CVE-2025-7402: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthent
nvd
CVE-2025-6437P3HIGHCVSS 7.5≤ 4.892025-07-02
CVE-2025-6437 [HIGH] CWE-89 CVE-2025-6437: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacker
nvd
CVE-2025-4381P3HIGHCVSS 7.5≤ 4.892025-07-02
CVE-2025-4381 [HIGH] CWE-89 CVE-2025-4381: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo
nvd
CVE-2025-6459P3HIGHCVSS 8.8≤ 4.892025-07-02
CVE-2025-6459 [HIGH] CWE-352 CVE-2025-6459: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP cod
nvd