What is this Vulnerability vulnerability?

this Vulnerability vulnerability is tracked as a Vulnerability issue affecting the Plugin Simple Ads Manager.

Which Simple Ads Manager versions are affected?

The primary affected range is Versions before 2.9.4.116.

How should operators remediate this Vulnerability vulnerability?

Update to 2.9.4.116 or newer where that release is compatible with the site.

Vulnerability Report

Plugin High Patch path listed

Simple Ads Manager < 2.9.4.116 - Denial of Service

The Simple Ads Manager Plugin for WordPress is vulnerable to Denial of Service in versions before 2.9.4.116. This is due to an input validation flaw that allows an attacker to perform simple file system operations which can result in a denial of service. This makes it possible for unauthenticated attackers to affected website to consume memory and CPU resources, thus denying service to legitimate users.

Quick Answer

This vulnerability is a high severity with CVSS 7.5 Vulnerability issue affecting the Plugin Simple Ads Manager. It affects Versions before 2.9.4.116 and is fixed in 2.9.4.116.

Back to Feed View Plugin Hub

Published

Jul 02, 2015

Last Updated

Jan 22, 2024

Slug

simple-ads-manager

Risk Profile

7.5 CVSS Score

Weakness

Uncontrolled Resource Consumption

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Researchers

Michael Kapfer

Operational Summary

What the operator needs to know

Share Email

Patch Status

Patched release is available

Remediation

Update to version 2.9.4.116, or a newer patched version

Operator Briefing

the tracked vulnerability is tracked for the Plugin Simple Ads Manager as high severity with CVSS 7.5. The affected range is Versions before 2.9.4.116. Update Simple Ads Manager to 2.9.4.116 or newer where that version is compatible with the site.

Issue Type

Vulnerability

Primary Fixed Version

2.9.4.116

Primary Affected Range

Versions before 2.9.4.116

Tracking ID

964601d5-8460-41c5-9791-ff9e3af964e3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/964601d5-8460-41c5-9791-ff9e3af964e3?source=api-prod

Detailed Metadata

Software Type	Plugin
Software Slug	simple-ads-manager View on wordpress.org
CVE	No linked CVE entry.
Patched Versions	2.9.4.116
Affected Versions	Versions before 2.9.4.116

Related CVE Cluster

Related CVEs for Simple Ads Manager

These internal links group the same WordPress plugin by CVE, issue type, severity, and patch status so operators and search engines can connect the full vulnerability cluster.

Critical CVE-2015-2824 2.7.97 Apr 02, 2015

CVE-2015-2824 Simple Ads Manager SQL Injection

Simple Ads Manager < 2.7.97 - Multiple SQL Injections

Critical CVE-2015-2825 2.5.96 Apr 01, 2015

CVE-2015-2825 Simple Ads Manager Arbitrary File Upload

Simple Ads Manager <= 2.5.94 - Arbitrary File Upload

Medium CVE-2015-2826 2.5.97 Apr 02, 2015

CVE-2015-2826 Simple Ads Manager Vulnerability

Simple Ads Manager 2.5.94 & 2.5.96 - Information Disclosure

Critical 2.9.5.118 Dec 30, 2015

Simple Ads Manager SQL Injection

Simple Ads Manager <= 2.9.4.116 - SQL Injection

High No patch listed Oct 10, 2016

Simple Ads Manager Local File Inclusion

SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion

High 2.10.0.130 Mar 17, 2017

Simple Ads Manager Vulnerability

Simple Ads Manager <= 2.9.8.125 - Unauthenticated PHP Objection Injection

Licensing Notices

This record contains material that is subject to copyright

DEFIANT

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more