Description
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through <= 3.0.2.
Published: 2026-05-27
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Ads by WPQuads plugin suffers from improper validation of the quantity parameter in input data, allowing an attacker to manipulate values and alter the plugin’s configuration or content behavior. This flaw is an instance of the input validation weakness described by CWE‑1284.

Affected Systems

WordPress sites that have installed the Ads by WPQuads quick‑adsense‑reloaded plugin at any version up to and including 3.0.2. The affected product is the Ads by WPQuads plugin as listed by the vendor.

Risk and Exploitability

The vulnerability carries a moderate CVSS score of 6.5. The EPSS score is not available and the issue is not listed in CISA KEV. The likely attack vector is remote, through crafted requests sent to the plugin’s web interface. An attacker could change the quantity setting and thereby alter content displayed to visitors or modify advertiser configuration settings, causing incorrect or malicious advertisements to be shown. The overall risk remains moderate until an official patch is applied.

Generated by OpenCVE AI on May 27, 2026 at 11:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ads by WPQuads plugin to the latest available version (any release newer than 3.0.2) which corrects the input validation flaw.
  • Restrict access to the WPQuads settings page to administrators only, and consider disabling the plugin if it is not required.
  • Ensure that any quantity input is validated on the server side, enforcing acceptable ranges and proper permission checks per CWE‑1284.

Generated by OpenCVE AI on May 27, 2026 at 11:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
Description Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through <= 3.0.2.
Title WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:53:36.798Z

Reserved: 2026-04-29T09:05:25.570Z

Link: CVE-2026-42732

cve-icon Vulnrichment

Updated: 2026-05-27T10:53:31.010Z

cve-icon NVD

Status : Received

Published: 2026-05-27T11:16:19.717

Modified: 2026-05-27T11:16:19.717

Link: CVE-2026-42732

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T12:00:32Z

Weaknesses