cbcvebase.

Simple Ads Manager Project Simple Ads Manager vulnerabilities

4 known vulnerabilities affecting simple_ads_manager_project/simple_ads_manager.

Total CVEs
4
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2015-2825P2HIGHCVSS 7.5PoC≤ 2.5.942015-04-21
CVE-2015-2825 [HIGH] CVE-2015-2825: Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
nvd
CVE-2015-2824P3HIGHCVSS 7.5PoCv2.5.94v2.5.962015-04-06
CVE-2015-2824 [HIGH] CWE-89 CVE-2015-2824: Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-
nvd
CVE-2015-2826P3MEDIUMCVSS 5.3PoCv2.5.94v2.5.962017-09-20
CVE-2015-2826 [MEDIUM] CWE-200 CVE-2015-2826: WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive in WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
nvd
CVE-2017-20095P3CRITICALCVSS 9.8v2.9.8.1252022-06-24
CVE-2017-20095 [CRITICAL] CWE-94 CVE-2017-20095: A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability af A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
nvd