CVE Alert: CVE-2025-10487 – monetizemore – Advanced Ads – Ad Manager & AdSense

CVE-2025-10487

HIGH (no exploitation known)

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the functions that can be called to safe functions. This makes it possible for unauthenticated attackers to call arbitrary functions beginning with get_the_ like get_the_excerpt which can make information exposure possible.

CVSS v3.1 (7.3)
Vendor
monetizemore
Product
Advanced Ads – Ad Manager & AdSense
Versions
* lte 2.0.12
CWE
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Published
2025-11-01T06:40:37.833Z
Updated
2025-11-01T06:40:37.833Z

AI Summary Analysis

Risk verdict

High risk due to unauthenticated remote code execution in the affected plugin; patch promptly as exploitation could be attempted without user interaction.

Why this matters

Unauthenticated access to the vulnerable AJAX endpoint allows arbitrary functions to be invoked, potentially exposing data and enabling further compromise of the WordPress site. The remote access paves the way for code execution with attacker-controlled input, risking defacement, data exfiltration, and secondary compromises of connected services.

Most likely attack path

An attacker directly targets the WordPress admin-ajax.php endpoint, sending requests that trigger get_the_* functions without authentication. No user interaction or privileges are required, making it a straightforward network-based abuse. The impact is limited by the CVSS metrics to localised data exposure and possible code execution within the site's scope; lateral movement would depend on the existing site configuration and on adjacent components of the WordPress environment.

Who is most exposed

Sites running the affected Advanced Ads plugin on WordPress, especially public-facing installations with exposed admin-ajax endpoints or lax access controls, are the primary risk. Publishers and agencies running monetized ad deployments are typical users of the plugin.

Detection ideas

  • spikes or bursts of GET/POST requests to /wp-admin/admin-ajax.php with unusual action values starting with get_the_.
  • multiple occurrences of error traces or PHP warnings tied to AJAX handlers.
  • unexpected new PHP files or modified code patterns in the plugin directory.
  • WAF/IDS alerts for arbitrary function-call attempts via admin-ajax endpoints.
  • anomalous data reads or exfiltration patterns from ad-related endpoints.

Mitigation and prioritisation

  • Patch to latest version (upgrade to 2.0.13+ or vendor-recommended fix) or remove the plugin if not essential.
  • Restrict unauthenticated access to admin-ajax.php (e.g., IP allowlists, or disable for non-admin users).
  • Implement WAF rules to block requests invoking get_the_* functions or abnormal AJAX actions.
  • Enable enhanced logging and monitor for indicators of compromise; review access controls and plugin integrations.
  • Change-management: test patch in staging, then deploy; notify stakeholders of exposure and remediation timeline.
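The first detection idea (bursts of admin-ajax.php requests whose parameter values start with get_the_) and the WAF mitigation bullet can both be checked with the same logic. The following script is an added example, not code from the CVE record, the plugin vendor or the site publishing this alert. It assumes a combined-format web-server access log and that the called function name appears as a query-string parameter value; because the advisory does not name that parameter, every parameter value on an admin-ajax.php request is inspected. The log lines are constructed, not real traffic.

```python
"""Scan an access log for get_the_* calls against /wp-admin/admin-ajax.php.

Added example for the CVE-2025-10487 alert above. Assumptions (not stated in
the advisory): combined log format, and the function name travels as a
query-string parameter value. The sample log below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Combined log format: ip ident user [time] "method target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
AJAX_PATH = "/wp-admin/admin-ajax.php"
SUSPICIOUS_PREFIX = "get_the_"

# Constructed sample: 203.0.113.7 fires get_the_* calls at admin-ajax.php in a
# burst and once more later; 198.51.100.4 is ordinary site traffic.
SAMPLE_LOG = """\
198.51.100.4 - - [01/Nov/2025:06:40:01 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2025:06:40:02 +0000] "GET /wp-admin/admin-ajax.php?action=get_the_excerpt&id=1 HTTP/1.1" 200 311 "-" "curl/8.4"
203.0.113.7 - - [01/Nov/2025:06:40:02 +0000] "GET /wp-admin/admin-ajax.php?action=get_the_title&id=2 HTTP/1.1" 200 120 "-" "curl/8.4"
203.0.113.7 - - [01/Nov/2025:06:40:03 +0000] "GET /wp-admin/admin-ajax.php?action=get_the_content&id=3 HTTP/1.1" 200 4022 "-" "curl/8.4"
198.51.100.4 - - [01/Nov/2025:06:40:05 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 84 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2025:06:41:30 +0000] "GET /wp-admin/admin-ajax.php?action=get_the_excerpt&id=4 HTTP/1.1" 200 298 "-" "curl/8.4"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


def suspicious_params(target):
    """Parameters of an admin-ajax.php request whose value starts with get_the_.

    Every parameter is checked because the advisory does not name the one
    that carries the function name (assumption)."""
    parts = urlsplit(target)
    if parts.path != AJAX_PATH:
        return []
    return [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if v.startswith(SUSPICIOUS_PREFIX)]


def should_block(target):
    """WAF-style decision: True when a get_the_* value is sent to admin-ajax.php."""
    return bool(suspicious_params(target))


def scan(log_text, window=timedelta(seconds=60), threshold=3):
    """Flag matching requests and report sources that burst within `window`.

    Returns (hits, bursts): hits is a list of {ip, time, params}; bursts maps
    each source IP to the largest number of flagged requests seen inside any
    single window, for sources reaching `threshold`."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        params = suspicious_params(rec["target"])
        if params:
            hits.append({"ip": rec["ip"], "time": rec["time"], "params": params})

    per_ip = defaultdict(list)
    for h in hits:
        per_ip[h["ip"]].append(h["time"])

    bursts = {}
    for ip, times in per_ip.items():
        times.sort()
        best, start = 0, 0
        # Sliding window over the sorted timestamps of this source.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[ip] = best
    return hits, bursts


if __name__ == "__main__":
    found, burst_sources = scan(SAMPLE_LOG)
    for h in found:
        print(h["time"].isoformat(), h["ip"], h["params"])
    print("burst sources:", burst_sources)
```

Run against a real log, the `scan()` output lists every admin-ajax.php request that carried a get_the_* value and the sources that sent several of them in quick succession; `should_block()` is the same predicate in the form a request filter would apply before the request reaches WordPress. Tune `window` and `threshold` to the site's normal admin-ajax volume, since legitimate front-end traffic also uses this endpoint.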
