WordPress Plugin Vulnerabilities

Ads by WPQuads < 2.0.88 - Missing Authorization

Description

The Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.87.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
quick-adsense-reloaded
Fixed in 2.0.88

References

CVE
CVE-2025-30855
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/9fa5f9c2-47f3-4280-ac92-facbeb4816ec

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
astra.r3verii
Verified
No
WPVDB ID
f9b89331-ee81-4edf-901d-edfe515a13b0

Timeline

Publicly Published
2025-03-27 (about 11 months ago)
Added
2025-04-02 (about 11 months ago)
Last Updated
2025-04-02 (about 11 months ago)

Other

Published
Title
Published
2025-04-01
Title
Zoho Flow < 2.13.4 - Missing Authorization
Published
2025-10-30
Title
Booster for WooCommerce < 7.5.0 - Missing Authorization
Published
2023-12-05
Title
RegistrationMagic < 5.2.3.1 - Missing Authorization
Published
2025-06-19
Title
WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily <= 1.2.4.5 - Missing Authorization
Published
2024-11-08
Title
Th Shop Mania < 1.5.0 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation