cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for cm-ad-changer

May 28, 2026

CM Ad Changer – Ad Manager and Ad Server # CVE-2026-9236

CVE, Research URL

CVE-2026-9236

Date
May 27, 2026
Research Description
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it possible for unauthenticated attackers to permanently delete arbitrary advertising campaigns, including their associated banner records and uploaded files, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.0.8.
Status
vulnerable
Apr 24, 2025

CM Ad Changer – Ad Manager and Ad Server # CVE-2025-46245

CVE, Research URL

CVE-2025-46245

Date
Apr 22, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5.
Affected versions
max 2.0.6.
Status
vulnerable
Feb 19, 2025

CM Ad Changer – Ad Manager and Ad Server # CVE-2025-24758

CVE, Research URL

CVE-2025-24758

Date
Mar 03, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through 2.0.8.
Affected versions
max 1.9.9.
Status
vulnerable
Jun 07, 2024

CM Ad Changer – Ad Manager and Ad Server # eb01fee8297a4a9b954f478959dbdb7e8b8899cf

Date
Jun 09, 2016
Research Description
CM Ad Changer – Ad Manager and Ad Server [cm-ad-changer] < 1.7.6. WordPress CM Ad Changer Plugin <= 1.7.7 - Cross Site Scripting (XSS). This plugin is prone to a stored cross-site scripting vulnerability via the "banner_title" parameter. Update the plugin.
Affected versions
max 1.7.6.
Status
vulnerable