Broadstreet
by WordPress
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-69311 | Hig | 0.49 | 7.6 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1. | |
| CVE-2025-48113 | Med | 0.42 | 6.5 | 0.00 | May 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through <= 1.51.2. | |
| CVE-2025-32211 | Med | 0.42 | 6.5 | 0.00 | Apr 8, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through <= 1.52.1. | |
| CVE-2026-45210 | Med | 0.35 | 5.4 | 0.00 | May 12, 2026 | Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2. | |
| CVE-2025-9987 | Med | 0.34 | 5.3 | 0.00 | May 13, 2026 | The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details. | |
| CVE-2025-9988 | Med | 0.28 | 4.3 | 0.00 | May 13, 2026 | The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create advertisers. | |
| CVE-2025-32270 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet Ads broadstreet allows Cross Site Request Forgery.This issue affects Broadstreet Ads: from n/a through <= 1.52.1. |
- risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through <= 1.51.2.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2.
- risk 0.34cvss 5.3epss 0.00
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details.
- risk 0.28cvss 4.3epss 0.00
The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create advertisers.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet Ads broadstreet allows Cross Site Request Forgery.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.