Impact
The Advanced Ads plugin contains a flaw that allows a remote attacker to inject arbitrary code. This type of weakness, classified as CWE‑94, can lead to full compromise of the web server, giving attackers control over the site, data, and potentially the underlying operating system.
Affected Systems
WordPress sites that have installed Monetizemore’s Advanced Ads plugin in any version from the earliest release through 2.0.21 are vulnerable. This includes any deployment that has not yet applied the security update to 2.0.22 or later.
Risk and Exploitability
The CVSS score of 7.5 reflects a high impact if exploited. No EPSS score is available, but the vulnerability appears to be exploitable remotely, likely via specially crafted requests to the plugin’s interface. Based on the description of remote code inclusion, it is inferred that the attack vector is remote and does not require authentication. Although it is not listed in the CISA KEV catalog, the ability to run arbitrary code makes it a high‑risk issue that should be addressed promptly.
OpenCVE Enrichment