CVE-2024-13322: 
WordPress vulnerability analysis and mitigation

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress contains a security vulnerability tracked as CVE-2024-13322. This vulnerability affects all versions up to and including 4.88. The issue was discovered and reported by Wordfence, and was officially published on May 2, 2025 (NVD, Wiz).

The vulnerability is classified as CWE-89 (SQL Injection) and involves insufficient escaping of the 'a_id' parameter along with inadequate preparation of SQL queries. It has received a CVSS v3.1 base score of 7.5 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates network accessibility, low attack complexity, no privileges required, and no user interaction needed (Wordfence, NVD).

The vulnerability enables unauthenticated attackers to extract sensitive information from the database through SQL injection attacks. The high confidentiality impact (C:H) in the CVSS score indicates that the vulnerability can lead to significant data exposure. The exploitation probability (EPSS) is rated at 15.1%, placing it in the 94.2 percentile of likely exploits (Wiz).

Users of the Ads Pro Plugin are strongly advised to upgrade to a version newer than 4.88 as soon as possible, as the vulnerability affects all versions up to and including version 4.88 (Wiz).