Skip to main content

Advanced Ads Tracking

1 CVEs product

Monthly

CVE-2025-59554 CRITICAL Act Now

Unauthenticated SQL injection in the Advanced Ads - Tracking WordPress plugin versions prior to 3.0.7 allows remote attackers to inject arbitrary SQL into backend database queries without authentication. The CVSS 9.3 score with scope change (S:C) indicates the impact extends beyond the plugin to the underlying WordPress database, enabling data exfiltration and partial availability disruption. No public exploit identified at time of analysis, but the unauthenticated network-accessible nature makes this attractive for opportunistic scanning of WordPress installations.

SQLi Advanced Ads Tracking
NVD VulDB
CVSS 3.1
9.3
EPSS
0.4%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the Advanced Ads - Tracking WordPress plugin versions prior to 3.0.7 allows remote attackers to inject arbitrary SQL into backend database queries without authentication. The CVSS 9.3 score with scope change (S:C) indicates the impact extends beyond the plugin to the underlying WordPress database, enabling data exfiltration and partial availability disruption. No public exploit identified at time of analysis, but the unauthenticated network-accessible nature makes this attractive for opportunistic scanning of WordPress installations.

SQLi Advanced Ads Tracking
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy