{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13592", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-24T06:36:17.899Z", "datePublished": "2025-12-29T18:20:50.576Z", "dateUpdated": "2026-04-08T17:34:16.769Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:16.769Z"}, "affected": [{"vendor": "monetizemore", "product": "Advanced Ads \u2013\u00a0Ad Manager & AdSense", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server."}], "title": "Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e83561-aa71-4984-8a26-207e208d70e8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/advanced-ads/tags/2.0.14/includes/ads/class-ad-plain.php#L36"}, {"url": "https://plugins.trac.wordpress.org/changeset/3427297/advanced-ads#file9"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "NosleeP"}], "timeline": [{"time": "2025-12-29T06:04:25.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-30T21:57:13.459911Z", "id": "CVE-2025-13592", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T22:30:07.259Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13592", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-30T21:57:13.459911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T21:57:23.934Z"}}], "cna": {"title": "Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "NosleeP"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "monetizemore", "product": "Advanced Ads \u2013\u00a0Ad Manager & AdSense", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0.14"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-29T06:04:25.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e83561-aa71-4984-8a26-207e208d70e8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/advanced-ads/tags/2.0.14/includes/ads/class-ad-plain.php#L36"}, {"url": "https://plugins.trac.wordpress.org/changeset/3427297/advanced-ads#file9"}], "descriptions": [{"lang": "en", "value": "The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:16.769Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13592", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:16.769Z", "dateReserved": "2025-11-24T06:36:17.899Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-29T18:20:50.576Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server."}], "id": "CVE-2025-13592", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-29T19:15:54.687", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/advanced-ads/tags/2.0.14/includes/ads/class-ad-plain.php#L36"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3427297/advanced-ads#file9"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e83561-aa71-4984-8a26-207e208d70e8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:38:01.227124+00:00", "value": {"mitigation_remediation": ["Upgrade the Advanced Ads plugin to the latest version that excludes the flaw (any release above 2.0.14).", "Limit the number of users with editor or higher roles to only trusted individuals; remove or downgrade editor permissions where feasible.", "Disable or remove the 'change-ad__content' shortcode or the entire plugin if it is not required for business operations."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Advanced Ads \u2013 Ad Manager & AdSense plugin, produced by monetizemore, version 2.0.14 and earlier. Any WordPress site that has this plugin installed and a user with editor or higher privileges is vulnerable. The version range specified is up to 2.0.14; newer releases presumably contain the fix.", "description_and_impact": "The Advanced Ads plugin for WordPress is vulnerable to remote code execution in versions up to and including 2.0.14 via the 'change-ad__content' shortcode parameter. An attacker who can authenticate with editor-level permissions supplies malicious code in the shortcode, which the plugin executes on the server. This flaw, classified as CWE-94, lets the attacker run arbitrary PHP on the site, compromising the confidentiality, integrity, and availability of the site and potentially the underlying server.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high\u2011severity vulnerability. The EPSS value of less than 1% suggests a low likelihood of active exploitation at this time, and the vulnerability is not currently listed in CISA\u2019s KEV catalog. However, because the flaw requires authenticated access, attackers with editor or higher roles can exploit it; thus an attacker with such permissions could fully compromise the site. Administrators should therefore consider the risk significant and treat this as a high\u2011priority issue."}}}}, "created": "2026-01-05T10:23:14.095886+00:00", "updated": "2026-04-21T00:45:23.093516+00:00", "vendors": ["monetizemore", "monetizemore$PRODUCT$advanced_ads", "wordpress", "wordpress$PRODUCT$wordpress"]}