What the vulnerability does
01Description
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.
Explanation of Vulnerability in Simple Terms
02Summary
The Universal Google Adsense and Ads Manager plugin for WordPress contains a missing authorization check that allows unauthenticated attackers to modify ad settings or content. An attacker can send a crafted network request to alter the plugin's configuration without needing to log in or interact with a site administrator. This affects all versions up to 1.1.8.
What an attacker can do
03Attacker Capabilities
Modify ad settings or plugin configuration without logging in.
Potential impact on your site
04Site Impact
Ad campaigns or plugin settings could be altered by unauthorized parties, affecting ad revenue or site functionality.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
January 23, 2026
CVE published
April 28, 2026
Record updated