Advanced Ads Tracking
Monthly
Unauthenticated SQL injection in the Advanced Ads - Tracking WordPress plugin versions prior to 3.0.7 allows remote attackers to inject arbitrary SQL into backend database queries without authentication. The CVSS 9.3 score with scope change (S:C) indicates the impact extends beyond the plugin to the underlying WordPress database, enabling data exfiltration and partial availability disruption. No public exploit identified at time of analysis, but the unauthenticated network-accessible nature makes this attractive for opportunistic scanning of WordPress installations.
Unauthenticated SQL injection in the Advanced Ads - Tracking WordPress plugin versions prior to 3.0.7 allows remote attackers to inject arbitrary SQL into backend database queries without authentication. The CVSS 9.3 score with scope change (S:C) indicates the impact extends beyond the plugin to the underlying WordPress database, enabling data exfiltration and partial availability disruption. No public exploit identified at time of analysis, but the unauthenticated network-accessible nature makes this attractive for opportunistic scanning of WordPress installations.