CVE-2025-6459

Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.89

Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This allows unauthenticated attackers to inject and execute arbitrary PHP code via a forged request if they can trick a site administrator into performing an action such as clicking on a link.

Recommendations: For versions up to, and including, 4.89, consider disabling the bsaCreateAdTemplate function until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.