CVSS 9.8 | CVE-2025-46444 | CVE-2025-46464

Ads Pro Plugin: CVE-2025-46444 & CVE-2025-46464

Critical vulnerabilities in WordPress Ads Pro Plugin (<= 5.0): LFI (CVE-2025-46444), XSS (CVE-2025-46464). Update now! Unauthenticated RCE risk.


Two vulnerabilities have been discovered in the Ads Pro Plugin for WordPress. These vulnerabilities, CVE-2025-46444 (LFI) and CVE-2025-46464 (XSS), pose a significant risk to websites using the plugin. A patch is available via plugin update.

CVE-2025-46444 has a critical CVSS score of 9.8, indicating a high risk of remote code execution.

What is Ap Plugin Scripteo?

Ap Plugin Scripteo, also known as Ads Pro Plugin, is a WordPress plugin designed for managing and displaying advertisements on WordPress websites. It provides features for creating, scheduling, and tracking ads. ap-plugin-scripteo is a component for WordPress.

CVE-2025-46444: Unauthenticated Local File Inclusion in Ads Pro Plugin

CVSS: 9.8
Affected versions: This vulnerability affects Ads Pro Plugin versions up to and including 4.89.

Critical: Allows unauthenticated remote code execution.

EPSS score of 0.547 suggests moderate exploitability.

The Ads Pro Plugin is vulnerable to Local File Inclusion (LFI). An unauthenticated attacker can include and execute arbitrary files on the server, potentially leading to remote code execution.

How to fix CVE-2025-46444 in Ap Plugin Scripteo

Patch immediately
  1. Update the Ads Pro Plugin to the latest version:

     wp plugin update ap-plugin-scripteo

Verify with:

     wp plugin list

Workaround: No known workaround is available. Immediate patching is highly recommended.

NextGuard automatically flags CVE-2025-46444 if Ap Plugin Scripteo appears in any of your monitored projects — no manual lookup required.

CVE-2025-46464: Authenticated Stored Cross-Site Scripting in Ads Pro Plugin

CVSS: 6.4
Affected versions: This vulnerability affects Ads Pro Plugin versions up to and including 5.0. Contributor-level access or higher is required to exploit this vulnerability.

Medium: Requires authentication, but allows script injection.

EPSS score of 0.143 indicates low exploitability.

The Ads Pro Plugin is vulnerable to Stored Cross-Site Scripting (XSS). Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages.

How to fix CVE-2025-46464 in Ap Plugin Scripteo

Patch within 24h
  1. Update the Ads Pro Plugin to the latest version:

     wp plugin update ap-plugin-scripteo

Verify with:

     wp plugin list

Workaround: Restrict contributor access and carefully review user-submitted content.
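The verify steps for both CVEs list installed plugins but leave the version comparison to the reader. The script below is an added example, not code from the advisory or the plugin vendor: it maps an installed version to the affected ranges stated on this page. The function names, the `--check` switch, the `check.sh` file name and the sample path are hypothetical, and it assumes WP-CLI plus a `sort` that supports `-V`.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory or the plugin vendor).
# Ranges are the ones stated on this page:
#   CVE-2025-46444 (LFI): versions <= 4.89
#   CVE-2025-46464 (XSS): versions <= 5.0
# Assumes a sort(1) that supports -V (GNU coreutils, BusyBox).

# norm VERSION: drop trailing ".0" components so 5.0.0 compares equal to 5.0.
norm() (
    v="$1"
    while [ "${v%.0}" != "$v" ]; do v="${v%.0}"; done
    printf '%s\n' "$v"
)

# version_le A B: succeeds when version A <= version B.
version_le() (
    a="$(norm "$1")"; b="$(norm "$2")"
    [ "$a" = "$b" ] && return 0
    [ "$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)" = "$a" ]
)

# affected_cves VERSION: print the CVE ids from this page that apply, or "none".
affected_cves() (
    case "$1" in
        ''|*[!0-9.]*) echo "unknown"; return 2 ;;   # refuse non-version input
    esac
    hits=""
    version_le "$1" "4.89" && hits="CVE-2025-46444"
    version_le "$1" "5.0"  && hits="${hits:+$hits }CVE-2025-46464"
    echo "${hits:-none}"
)

# check_site [WP_PATH]: read the installed version through WP-CLI and report.
check_site() (
    version="$(wp plugin get ap-plugin-scripteo --field=version --path="${1:-.}" 2>/dev/null)" || {
        echo "ap-plugin-scripteo not found (or wp-cli unavailable)"; return 3; }
    echo "ap-plugin-scripteo $version: $(affected_cves "$version")"
)

# Run against a site only when asked (hypothetical file name and path):
#   ./check.sh --check /var/www/html
if [ "${1:-}" = "--check" ]; then check_site "${2:-.}"; fi
```

A result of `none` means the installed version is above both ranges listed here; anything else names the CVE that still applies after the update attempt.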

NextGuard automatically flags CVE-2025-46464 if Ap Plugin Scripteo appears in any of your monitored projects.

Stay ahead of WordPress vulnerabilities

Proactively identify and remediate WordPress vulnerabilities with continuous monitoring. Monitor your WordPress dependencies.


The Ads Pro Plugin vulnerabilities pose a significant risk to WordPress websites. Update to the latest version of the plugin to mitigate these risks.
