VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Mar 17, 2017

Simple Ads Manager Vulnerabilities

Review known vulnerability records for the WordPress plugin Simple Ads Manager (`simple-ads-manager`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
6
Patch Coverage
100%
Last Updated
Jan 22, 2024
Priority CVE Quick Links

Fast paths into Simple Ads Manager CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
3
CVE-2015-2824 Critical 2.7.97
CVE-2015-2824 Simple Ads Manager SQL Injection

Simple Ads Manager < 2.7.97 - Multiple SQL Injections

CVE-2015-2825 Critical 2.5.96
CVE-2015-2825 Simple Ads Manager Arbitrary File Upload

Simple Ads Manager <= 2.5.94 - Arbitrary File Upload

CVE-2015-2826 Medium 2.5.97
CVE-2015-2826 Simple Ads Manager Vulnerability

Simple Ads Manager 2.5.94 & 2.5.96 - Information Disclosure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Simple Ads Manager so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
3 critical and 3 high severity findings.
Recent CVEs
This page still provides patch and version coverage even when a CVE ID is not listed.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Critical Patch path listed

Simple Ads Manager <= 2.9.4.116 - SQL Injection

The Simple Ads Manager plugin for WordPress is vulnerable to unspecified SQL Injection via the ‘whereClause’ parameter in versions up to, and including, 2.9.4.116 due to insufficient escapin...

Published
Dec 30, 2015
Patch Status
2.9.5.118
Open Full Report
Known Vulnerabilities

Reports for Simple Ads Manager

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes
Simple Ads Manager <= 2.9.8.125 - Unauthenticated PHP Objection Injection

The Simple Ads Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.9.8.125 via deserialization of untrusted input in the vulnerable function 'unserialize'. This allows unauthenticated attackers to inject a PHP Object. No POP chai...

Published
Mar 17, 2017
Patched Release
2.10.0.130
Affected Versions
Versions before 2.10.0.130
Next Step
Update to 2.10.0.130 or newer if supported.
Open Full Report
Plugin High Patched: No
SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion

The SAM Pro (Free Edition) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7.68 via the 'wap' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP co...

Published
Oct 10, 2016
Patched Release
Not published
Affected Versions
Versions up to 2.10.0.130
Next Step
Open the full report for remediation notes and references.
Open Full Report
Plugin Critical Patched: Yes
Simple Ads Manager <= 2.9.4.116 - SQL Injection

The Simple Ads Manager plugin for WordPress is vulnerable to unspecified SQL Injection via the ‘whereClause’ parameter in versions up to, and including, 2.9.4.116 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL qu...

Published
Dec 30, 2015
Patched Release
2.9.5.118
Affected Versions
Versions before 2.9.5.118
Next Step
Update to 2.9.5.118 or newer if supported.
Open Full Report
Plugin High Patched: Yes
Simple Ads Manager < 2.9.4.116 - Denial of Service

The Simple Ads Manager Plugin for WordPress is vulnerable to Denial of Service in versions before 2.9.4.116. This is due to an input validation flaw that allows an attacker to perform simple file system operations which can result in a denial of service. This makes it possible fo...

Published
Jul 02, 2015
Patched Release
2.9.4.116
Affected Versions
Versions before 2.9.4.116
Next Step
Update to 2.9.4.116 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2015-2826
CVE-2015-2826: Simple Ads Manager 2.5.94 & 2.5.96 - Information Disclosure

WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.

Published
Apr 02, 2015
Patched Release
2.5.97
Affected Versions
2.5.94 through 2.5.94
Next Step
Update to 2.5.97 or newer if supported.
Open CVE-2015-2826 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2015-2824
CVE-2015-2824: Simple Ads Manager < 2.7.97 - Multiple SQL Injections

Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-aja...

Published
Apr 02, 2015
Patched Release
2.7.97
Affected Versions
Versions before 2.7.97
Next Step
Update to 2.7.97 or newer if supported.
Open CVE-2015-2824 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2015-2825
CVE-2015-2825: Simple Ads Manager <= 2.5.94 - Arbitrary File Upload

Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the...

Published
Apr 01, 2015
Patched Release
2.5.96
Affected Versions
Versions up to 2.5.94
Next Step
Update to 2.5.96 or newer if supported.
Open CVE-2015-2825 Report Open CVE Reference