CRITICAL
ad-manager-wd
CVE published 2026-06-04
CVE-2019-25727
CVE-2019-25727 is a critical vulnerability in WordPress Plugin ad manager wd 1.0.11. The vulnerability allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export_csv and a malicious path parameter to read arbitrary files like wp-config.php accessible to the web server. The CVSS score for this [truncated]