CVE Catalog

CVE-2026-57335

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

The Ads by WPQuads plugin version 3.0.3 and earlier contains a broken access control vulnerability exploitable by subscribers. This allows a subscriber-level user to gain unauthorized access to advertising features.

Risk Assessment

The risk is that subscribers can modify or display ads without proper permissions, potentially leading to content integrity issues and financial losses.

Recommendation

It is recommended to immediately update the Ads by WPQuads plugin to the latest available version that fixes this vulnerability. Also review user permissions and restrict subscriber roles to the minimum.

Original NVD description (English source)

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS