Advanced Poll

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-10487	WordPress Advanced Poll	Hig	0.47	7.3	0.01	Nov 1, 2025	The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the…
CVE-2024-3952	WordPress Advanced Poll	Med	0.42	6.4	0.00	May 14, 2024	The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
CVE-2025-12984	WordPress Advanced Poll	Med	0.32	4.9	0.00	Jan 17, 2026	The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…
CVE-2025-12884	WordPress Advanced Poll	Med	0.21	4.3	0.00	Feb 19, 2026	The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()`…

CVE-2025-10487HigNov 1, 2025
WordPress
Advanced Poll
risk 0.47cvss 7.3epss 0.01
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the…
CVE-2024-3952MedMay 14, 2024
WordPress
Advanced Poll
risk 0.42cvss 6.4epss 0.00
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
CVE-2025-12984MedJan 17, 2026
WordPress
Advanced Poll
risk 0.32cvss 4.9epss 0.00
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…
CVE-2025-12884MedFeb 19, 2026
WordPress
Advanced Poll
risk 0.21cvss 4.3epss 0.00
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()`…