Vulnerabilities and security researches foradvanced-ads advanced-ads

Jun 07, 2024

CVE, Research URL: 7f7383fa1342eeb58c7d7371701dd92ec8bebac3
Home page URL: Security reports for Advanced Ads – Ad Manager & AdSense
Application: Advanced Ads – Ad Manager & AdSense
Date: Mar 17, 2020
Research Description: Advanced Ads – Ad Manager & AdSense [advanced-ads] < 1.17.4 (closed) WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.17.3 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Sucuri in WordPress Advanced Ads – Ad Manager & AdSense plugin (versions <= 1.17.3).
Affected versions: max 1.17.4.
Status: vulnerable

CVE, Research URL: CVE-2022-32776
Home page URL: Security reports for Advanced Ads – Ad Manager & AdSense
Application: Advanced Ads – Ad Manager & AdSense
Date: Nov 09, 2022
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.
Affected versions: max 1.17.4.
Status: vulnerable

CVE, Research URL: CVE-2024-2290
Home page URL: Security reports for Advanced Ads – Ad Manager & AdSense
Application: Advanced Ads – Ad Manager & AdSense
Date: May 14, 2024
Research Description: The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: max 1.52.2.
Status: vulnerable

CVE, Research URL: CVE-2024-3952
Home page URL: Security reports for Advanced Ads – Ad Manager & AdSense
Application: Advanced Ads – Ad Manager & AdSense
Date: May 14, 2024
Research Description: The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.52.2.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-10487
Home page URL: Security reports for Advanced Ads – Ad Manager & AdSense
Application: Advanced Ads – Ad Manager & AdSense
Date: Nov 01, 2025
Research Description: The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the functions that can be called to safe functions. This makes it possible for unauthenticated attackers to call arbitrary functions beginning with get_the_ like get_the_excerpt which can make information exposure possible.
Affected versions: max 2.0.13.
Status: vulnerable