Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion.

This issue affects Advanced Ads: from n/a through 2.0.21.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Advanced Ads plugin contains a flaw that allows a remote attacker to inject arbitrary code. This type of weakness, classified as CWE‑94, can lead to full compromise of the web server, giving attackers control over the site, data, and potentially the underlying operating system.

Affected Systems

WordPress sites that have installed Monetizemore’s Advanced Ads plugin in any version from the earliest release through 2.0.21 are vulnerable. This includes any deployment that has not yet applied the security update to 2.0.22 or later.

Risk and Exploitability

The CVSS score of 7.5 reflects a high impact if exploited. No EPSS score is available, but the vulnerability appears to be exploitable remotely, likely via specially crafted requests to the plugin’s interface. Based on the description of remote code inclusion, it is inferred that the attack vector is remote and does not require authentication. Although it is not listed in the CISA KEV catalog, the ability to run arbitrary code makes it a high‑risk issue that should be addressed promptly.

Generated by OpenCVE AI on June 18, 2026 at 11:41 UTC.

Remediation

Vendor Solution

Update the WordPress Advanced Ads Plugin to the latest available version (at least 2.0.22).


OpenCVE Recommended Actions

  • Update the Advanced Ads plugin to version 2.0.22 or later.
  • If an immediate update is not possible, disable or uninstall the plugin to eliminate the vulnerable code path.
  • Ensure that the site uses only trusted plugins from reputable sources and monitor for other known vulnerabilities in WordPress.

Generated by OpenCVE AI on June 18, 2026 at 11:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Monetizemore
Monetizemore advanced Ads
Wordpress
Wordpress wordpress
Vendors & Products Monetizemore
Monetizemore advanced Ads
Wordpress
Wordpress wordpress
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.
Title WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Monetizemore Advanced Ads
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:38:43.012Z

Reserved: 2026-06-16T09:21:46.612Z

Link: CVE-2026-54816

cve-icon Vulnrichment

Updated: 2026-06-17T15:38:36.699Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T11:45:15Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')