CVE-2025-13592
Unknown Unknown - Not Provided
Remote Code Execution in Advanced Ads WordPress Plugin

Publication date: 2025-12-29

Last updated on: 2025-12-29

Assigner: Wordfence

Description
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-29
Last Modified
2025-12-29
Generated
2026-06-16
AI Q&A
2025-12-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13592
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
advanced_ads plugin 2.0.14
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Advanced Ads plugin for WordPress has a vulnerability in versions up to and including 2.0.14 that allows Remote Code Execution via the 'change-ad__content' shortcode parameter. This means that authenticated users with editor-level permissions or higher can execute arbitrary code on the server.

Impact Analysis

This vulnerability can allow attackers with editor-level access or above to execute arbitrary code on the server, potentially leading to full compromise of the server, data loss, data corruption, or unauthorized access to sensitive information.

Detection Guidance

To detect this vulnerability, you should check if your WordPress site is running the Advanced Ads plugin version 2.0.14 or earlier. You can verify the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, monitoring for suspicious activity involving the 'change-ad__content' shortcode parameter in requests made by users with editor-level or higher permissions may help detect exploitation attempts. Since the vulnerability involves remote code execution via PHP eval() in ad content, you can search your server logs for unusual POST or PUT requests targeting ad content updates. Specific commands to check the plugin version on the server include: 1. Using WP-CLI: `wp plugin list | grep advanced-ads` 2. Checking the plugin version in the plugin's main PHP file: `grep 'Version:' wp-content/plugins/advanced-ads/advanced-ads.php` 3. Searching logs for suspicious shortcode parameter usage: `grep -r 'change-ad__content' /path/to/wordpress/wp-content/uploads/` or web server logs. However, no direct detection commands for exploit attempts are provided in the resources. [2]

Mitigation Strategies

The immediate mitigation step is to update the Advanced Ads plugin to version 2.0.15 or later, which addresses this vulnerability. The update includes multiple security and stability improvements that prevent the unsafe execution of PHP code via the 'change-ad__content' shortcode parameter. Until the update is applied, restrict editor-level or higher permissions to trusted users only, as the vulnerability requires authenticated users with such permissions to exploit. Additionally, consider disabling PHP execution in ad content if possible or applying web application firewall (WAF) rules to block suspicious requests targeting the vulnerable shortcode parameter. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13592. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart