Description
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields. This issue affects Ads by WPQuads: from n/a through <= 3.0.2.
Published: 2026-05-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the Ads by WPQuads plugin’s handling of quantity input, which incorrectly validates specified amounts and permits manipulation of hidden form fields. This flaw can lead to unauthorized alteration of ad display behavior, potentially affecting the confidentiality or integrity of the site’s advertising logic. The weakness matches CWE-1284, illustrating an input validation error that can be exploited to change the plugin’s intended function.

Affected Systems

The affected product is the Ads by WPQuads WordPress plugin, versions from the initial release through 3.0.2. Administrators should verify the exact version in use, as the bug applies to any installation within that range.

Risk and Exploitability

With a CVSS base score of 6.5, the vulnerability presents moderate risk. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. It is likely exploitable by a remote attacker able to craft requests to the plugin’s input handling, as the flaw centers on insufficient validation of hidden fields. There are no official patches or workarounds provided in the CNA data, so the plugin remains vulnerable until an update is applied.

Generated by OpenCVE AI on May 27, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Ads by WPQuads to a version newer than 3.0.2. If a newer version is not available, uninstall or disable the plugin.
  • Implement server‑side validation to ensure quantity values are within the expected range and reject tampered hidden fields before processing ad logic.
  • Harden form handling by removing or sanitizing hidden fields, and employ WordPress nonces to protect against cross‑site request forgery.
  • Monitor site logs for anomalous ad rendering or unexpected quantity requests to detect abuse early.

Generated by OpenCVE AI on May 27, 2026 at 11:50 UTC.

Advisories

No advisories yet.

History

Wed, 27 May 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 27 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields. This issue affects Ads by WPQuads: from n/a through <= 3.0.2. |
| Title | | WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability |
| Weaknesses | | CWE-1284 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'} |


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:51:14.177Z

Reserved: 2026-04-29T09:05:30.886Z

Link: CVE-2026-42744

Vulnrichment

Updated: 2026-05-27T10:51:09.075Z

NVD

Status: Deferred

Published: 2026-05-27T11:16:20.827

Modified: 2026-05-27T14:50:47.627

Link: CVE-2026-42744

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T12:00:32Z

Weaknesses