CVE-2025-59554 Advanced Ads GmbH CVE debrief

Who should care

Administrators and users of the Advanced Ads – Tracking plugin for WordPress, especially those using versions before 3.0.7, should be aware of this vulnerability and take immediate action to update or mitigate the risk.

Technical summary

The CVE-2025-59554 vulnerability is an unauthenticated SQL injection issue in the Advanced Ads – Tracking plugin for WordPress. It has a CVSS score of 9.3 and is classified as critical. The vulnerability exists in versions before 3.0.7 and allows attackers to inject malicious SQL code without authentication. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L, indicating a high impact on confidentiality and a moderate impact on availability.

Defensive priority

high

Recommended defensive actions

• Update the Advanced Ads – Tracking plugin to version 3.0.7 or later.
• Restrict access to the plugin's functionality to authenticated users only.
• Implement a Web Application Firewall (WAF) to detect and prevent SQL injection attacks.
• Regularly monitor plugin and WordPress core updates.
• Use a security scanner to identify potential vulnerabilities.
• Limit database privileges for the WordPress database user.
• Consider using a security plugin for WordPress to enhance protection.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record was published on June 17, 2026, and last modified on the same day. The vulnerability details are sourced from official databases and should be considered reliable.

Official resources