Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Advanced Ads plugin for WordPress allows unauthorized ad changes
CVE-2025-12884
Summary
The Advanced Ads plugin for WordPress fails to properly check user permissions, allowing authorized users to make unauthorized changes to ad placements. This could allow attackers to change which ads are displayed on a website. Upgrade to version 2.0.15 or later to fix the issue.
Original title
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a ...
Original description
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update ad placements, allowing them to change which ad or ad group a placement serves.
nvd CVSS3.1
4.3
Vulnerability type
CWE-284
Improper Access Control
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026