Skip to main content

Ads By Wpquads

1 CVEs product

Monthly

CVE-2026-57335 MEDIUM This Month

Broken access control in the Ads by WPQuads WordPress plugin (versions <= 3.0.3) allows authenticated subscribers to perform privileged administrative actions they are explicitly unauthorized to execute. The flaw, classified under CWE-862 (Missing Authorization), results in high integrity impact with no confidentiality or availability effect, per the CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector. No active exploitation has been identified in CISA KEV at time of analysis, though the low attack complexity and widely deployed WordPress ecosystem make this a realistic risk for any site with open subscriber registration.

Authentication Bypass Ads By Wpquads
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Ads by WPQuads WordPress plugin (versions <= 3.0.3) allows authenticated subscribers to perform privileged administrative actions they are explicitly unauthorized to execute. The flaw, classified under CWE-862 (Missing Authorization), results in high integrity impact with no confidentiality or availability effect, per the CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N vector. No active exploitation has been identified in CISA KEV at time of analysis, though the low attack complexity and widely deployed WordPress ecosystem make this a realistic risk for any site with open subscriber registration.

Authentication Bypass Ads By Wpquads
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy