SQL Injection Vulnerability in Advanced Ads Plugin for WordPress
CVE-2025-12984

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Ads – ad Manager & Adsense
Vendor: CVE Published:; 17 January 2026

What is CVE-2025-12984?

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is susceptible to an SQL Injection due to improper handling of the 'order' parameter. This vulnerability allows authenticated users with Administrator-level access to inject additional SQL commands into the existing SQL queries. Consequently, this can lead to unauthorized access to sensitive information stored in the database. Versions affected include all prior to 2.0.15. Proper validation and sanitization measures should be implemented to safeguard against such attacks.

Affected Version(s)

Advanced Ads – Ad Manager & AdSense 0 <= 2.0.15

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/advanced-ads/t...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2026
Vulnerability Reserved
Nov 10, 2025

Credit

Supakiad S.

CVE-2025-12984 Data

JSON