Cross-Site Request Forgery Vulnerability in Ads Pro Plugin for WordPress
CVE-2025-6459

8.8HIGH

Key Information:

Vendor: WordPress
Status: Ads Pro Plugin - Multi-purpose WordPress Advertising Manager
Vendor: CVE Published:; 2 July 2025

What is CVE-2025-6459?

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager is susceptible to Cross-Site Request Forgery, stemming from inadequate or missing nonce validation in the bsaCreateAdTemplate function. This vulnerability allows unauthenticated attackers to execute arbitrary PHP code by tricking site administrators into making requests that could compromise the site's integrity.

Affected Version(s)

Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager * <= 4.89

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/ads-pro-plugin-multipurpose-w...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Jun 20, 2025

Credit

Trương Hữu Phúc (truonghuuphuc)