CVE-2025-12884 - Advanced Ads – Ad Manager & AdSense <= 2.0.14 - missing authorization to authent...

CVE ID : CVE-2025-12884 Published : Feb. 19, 2026, 3:25 a.m. | 50 minutes ago Description : The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update ad placements, allowing them to change which ad or ad group a placement serves. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...