CVE-2026-54816
Deferred Deferred - Pending Action

Code Injection in Advanced Ads Plugin

Vulnerability report for CVE-2026-54816, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-07-07
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
monetizemore advanced_ads to 2.0.21 (inc)
monetizemore advanced_ads From 2.0.0 (inc) to 2.0.21 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows remote code execution, which could lead to unauthorized access and control over affected websites. Such a compromise can result in exposure or manipulation of sensitive data, potentially violating data protection requirements under standards like GDPR and HIPAA.

Failure to promptly mitigate this vulnerability may lead to non-compliance with these regulations due to inadequate protection of personal and sensitive information.

Executive Summary

CVE-2026-54816 is a Remote Code Execution (RCE) vulnerability in the WordPress Advanced Ads Plugin, affecting versions 2.0.21 and earlier. It is caused by improper control of code generation, also known as code injection, which allows an attacker to include and execute arbitrary code remotely on the affected website.

This vulnerability is classified under OWASP Top 10 A3: Injection, indicating it involves injection flaws that can lead to serious security breaches.

Impact Analysis

This vulnerability can have a significant impact as it allows attackers to execute arbitrary commands on affected websites. This means an attacker could potentially gain full control over the website, leading to data theft, website defacement, unauthorized access, or further attacks on users.

Because of its high severity (CVSS score 7.5), it is expected to be targeted in mass-exploit campaigns, increasing the risk of widespread compromise if not mitigated promptly.

Mitigation Strategies

Immediate mitigation is advised to prevent exploitation of the Remote Code Execution vulnerability in Advanced Ads plugin versions 2.0.21 and earlier.

  • Update the Advanced Ads plugin to version 2.0.22 or later.
  • Alternatively, apply the mitigation rule provided by Patchstack.
Detection Guidance

The provided resources do not include specific detection methods or commands to identify the CVE-2026-54816 vulnerability on your network or system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54816. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart