CVE-2025-13592
Remote Code Execution in Advanced Ads WordPress Plugin
Publication date: 2025-12-29
Last updated on: 2025-12-29
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advanced_ads | plugin | 2.0.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Advanced Ads plugin for WordPress has a vulnerability in versions up to and including 2.0.14 that allows Remote Code Execution via the 'change-ad__content' shortcode parameter. This means that authenticated users with editor-level permissions or higher can execute arbitrary code on the server.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you should check whether your WordPress site is running the Advanced Ads plugin at version 2.0.14 or earlier. You can verify the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, monitoring for suspicious activity involving the 'change-ad__content' shortcode parameter in requests made by users with editor-level or higher permissions may help detect exploitation attempts. Since the vulnerability involves remote code execution via PHP eval() in ad content, you can search your server logs for unusual POST or PUT requests targeting ad content updates. Specific commands to check the plugin version on the server include:

1. Using WP-CLI: `wp plugin list | grep advanced-ads`
2. Checking the plugin version in the plugin's main PHP file: `grep 'Version:' wp-content/plugins/advanced-ads/advanced-ads.php`
3. Searching logs for suspicious shortcode parameter usage: `grep -r 'change-ad__content' /path/to/wordpress/wp-content/uploads/` or web server logs.

However, no direct detection commands for exploit attempts are provided in the resources. [2]
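As an added example, not code from the advisory or from the plugin, the following POSIX shell script turns the two checks above into functions: a comparison of the plugin's `Version:` header against the 2.0.15 fix, and a count of access-log lines where a POST or PUT request referenced the 'change-ad__content' parameter. The plugin header and log lines are constructed samples, and the request paths in them are assumptions rather than the plugin's real endpoints.

```shell
#!/bin/sh
# Added example, not from the advisory or the plugin: version check for CVE-2025-13592
# plus a sweep of web-server access-log lines for the 'change-ad__content' parameter.
FIXED_VERSION="2.0.15"   # first release the advisory names as patched

# Return 0 when dotted numeric version $1 is lower than $2, 1 otherwise (no sort -V needed).
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1
}
# Print the "Version:" header of a plugin's main PHP file, the same line WordPress reads.
plugin_version() {
    grep 'Version:' "$1" | head -n 1 | sed 's/.*Version:[[:space:]]*//' | tr -d '[:space:]'
}
# Return 0 when the plugin file in $1 is at a version the advisory lists as affected
# (an unreadable version is treated as affected, the conservative choice).
advanced_ads_vulnerable() {
    version_lt "$(plugin_version "$1")" "$FIXED_VERSION"
}
# Count access-log lines where a POST or PUT request line carried the shortcode parameter.
shortcode_hits() {
    grep -cE '"(POST|PUT) [^"]*change-ad__content' "$1" || true
}

# Constructed sample inputs (stand-ins for advanced-ads.php and an access log);
# the request paths below are assumptions, not the plugin's real endpoints.
SAMPLE_PLUGIN="$(mktemp)"; SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_PLUGIN" "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_PLUGIN" <<'EOF'
 * Plugin Name: Advanced Ads
 * Version: 2.0.14
EOF
cat > "$SAMPLE_LOG" <<'EOF'
10.0.0.5 - - [29/Dec/2025:10:01:02 +0000] "GET /wp-admin/post.php?post=12&action=edit HTTP/1.1" 200 512
10.0.0.5 - - [29/Dec/2025:10:01:09 +0000] "POST /wp-admin/post.php?change-ad__content=1 HTTP/1.1" 302 0
10.0.0.7 - - [29/Dec/2025:10:02:40 +0000] "PUT /wp-json/wp/v2/posts/12?change-ad__content=1 HTTP/1.1" 200 130
EOF

if advanced_ads_vulnerable "$SAMPLE_PLUGIN"; then
    echo "Advanced Ads $(plugin_version "$SAMPLE_PLUGIN") is affected; update to $FIXED_VERSION or later"
fi
echo "POST/PUT requests referencing change-ad__content: $(shortcode_hits "$SAMPLE_LOG")"
```

On a real host, point `plugin_version` at `wp-content/plugins/advanced-ads/advanced-ads.php` and `shortcode_hits` at the web server's access log; the parameter only shows up there when it travels in the query string, so a body-level check still needs the application's own logs.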
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Advanced Ads plugin to version 2.0.15 or later, which addresses this vulnerability. The update includes multiple security and stability improvements that prevent the unsafe execution of PHP code via the 'change-ad__content' shortcode parameter. Until the update is applied, restrict editor-level or higher permissions to trusted users only, since exploitation requires an authenticated user with such permissions. Additionally, consider disabling PHP execution in ad content if possible, or applying web application firewall (WAF) rules to block suspicious requests targeting the vulnerable shortcode parameter. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers with editor-level access or above to execute arbitrary code on the server, potentially leading to full compromise of the server, data loss, data corruption, or unauthorized access to sensitive information.