PT-2026-40559 · WordPress · Broadstreet
Greenhats
·
Published
2026-05-13
·
Updated
2026-05-13
·
CVE-2025-9988
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Broadstreet versions prior to 1.53.2
Description
The Broadstreet plugin for WordPress allows unauthorized access because it fails to perform a capability check on the 'create advertiser' AJAX action. This allows authenticated users with Subscriber-level permissions or higher to create advertisers.
Recommendations
Update to a version later than 1.53.1.
As a temporary workaround, restrict access to the 'create advertiser' AJAX action to prevent unauthorized advertiser creation.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Broadstreet