CVE Catalog
CVE-2026-57335
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.23%
14th percentile — higher than 14% of all known CVEs
Summary
The Ads by WPQuads plugin version 3.0.3 and earlier contains a broken access control vulnerability exploitable by subscribers. This allows a subscriber-level user to gain unauthorized access to advertising features.
Risk Assessment
The risk is that subscribers can modify or display ads without proper permissions, potentially leading to content integrity issues and financial losses.
Recommendation
It is recommended to immediately update the Ads by WPQuads plugin to the latest available version that fixes this vulnerability. Also review user permissions and restrict subscriber roles to the minimum.
Original NVD description (English source)
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

