Description
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin suffers from an unauthenticated data exposure vulnerability, allowing any user to read confidential information stored by the plugin. This flaw enables attackers to access sensitive data that should be protected by authentication and access controls, potentially revealing user or site data. The likely attack vector is through publicly accessible URLs provided by the plugin and no authentication is required.

Affected Systems

WordPress sites using the Ads by WPQuads plugin, version 3.0.3 or earlier, are impacted. Those installations expose sensitive data via the plugin’s interfaces to any unauthenticated visitor.

Risk and Exploitability

The CVSS score of 7.5 marks this issue as high severity. The EPSS score is not available, but the lack of authentication makes exploitation trivial, so the vulnerability is likely to be actively abused. It is not listed in the CISA KEV catalog, yet the confidentiality impact warrants immediate attention.

Generated by OpenCVE AI on June 26, 2026 at 16:50 UTC.

Remediation

Vendor Solution

Update the WordPress Ads by WPQuads Plugin to the latest available version (at least 3.0.4).

OpenCVE Recommended Actions

  • Update the Ads by WPQuads plugin to version 3.0.4 or later.
  • If an update cannot be performed right away, disable or uninstall the plugin to stop data exposure.
  • Review the plugin configuration to ensure no sensitive data is exposed and re‑validate that the plugin endpoints no longer leak information.

Generated by OpenCVE AI on June 26, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
Title WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:39:00.437Z

Reserved: 2026-06-16T09:21:51.802Z

Link: CVE-2026-54824

cve-icon Vulnrichment

Updated: 2026-06-26T15:38:56.959Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T17:00:04Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere