Ads By Wpquads
Monthly
Broken access control in the Ads by WPQuads WordPress plugin (versions <= 3.0.3) allows authenticated subscribers to perform privileged administrative actions they are explicitly unauthorized to execute. The flaw, classified under CWE-862 (Missing Authorization), results in high integrity impact with no confidentiality or availability effect, per the CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector. No active exploitation has been identified in CISA KEV at time of analysis, though the low attack complexity and widely deployed WordPress ecosystem make this a realistic risk for any site with open subscriber registration.
Broken access control in the Ads by WPQuads WordPress plugin (versions <= 3.0.3) allows authenticated subscribers to perform privileged administrative actions they are explicitly unauthorized to execute. The flaw, classified under CWE-862 (Missing Authorization), results in high integrity impact with no confidentiality or availability effect, per the CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector. No active exploitation has been identified in CISA KEV at time of analysis, though the low attack complexity and widely deployed WordPress ecosystem make this a realistic risk for any site with open subscriber registration.