CVE-2025-10487 is a remote code execution vulnerability identified in the Advanced Ads – Ad Manager & AdSense plugin for WordPress, affecting all versions up to and including 2.0.12. The vulnerability stems from the select_one() function, which handles AJAX requests without proper access restrictions or function call limitations. Specifically, the endpoint allows unauthenticated attackers to invoke arbitrary functions beginning with get_the_, such as get_the_excerpt, which can lead to information disclosure and potentially enable code injection attacks. This improper control of code generation (classified under CWE-94) means attackers can execute unintended code on the server, compromising the confidentiality, integrity, and availability of the affected WordPress site. The vulnerability has a CVSS 3.1 base score of 7.3, indicating high severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability. Although no known exploits are currently in the wild, the vulnerability's characteristics make it a serious risk, especially given the widespread use of WordPress and the plugin in question. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps.

For European organizations, this vulnerability poses a significant risk due to the widespread use of WordPress as a content management system and the popularity of the Advanced Ads plugin for managing online advertising revenue. Exploitation could allow attackers to execute arbitrary code remotely without authentication, leading to unauthorized data access, website defacement, or service disruption. This could result in the exposure of sensitive customer data, loss of advertising revenue, reputational damage, and potential regulatory penalties under GDPR for data breaches. Organizations in sectors heavily reliant on online advertising, such as media, e-commerce, and digital marketing agencies, are particularly vulnerable. Additionally, compromised websites could be leveraged for further attacks, including malware distribution or phishing campaigns targeting European users. The broad attack surface and ease of exploitation increase the likelihood of targeted attacks, especially against high-profile or high-traffic websites.

1. Immediate update: Organizations should upgrade the Advanced Ads – Ad Manager & AdSense plugin to the latest version once a patch is released by the vendor. 2. Access control: Until a patch is available, restrict access to the vulnerable AJAX endpoint by implementing web application firewall (WAF) rules that block unauthenticated requests to the select_one() function or related AJAX endpoints. 3. Disable or limit plugin functionality: If feasible, temporarily disable the Advanced Ads plugin or restrict its features to reduce the attack surface. 4. Monitor logs: Enable detailed logging and monitor for unusual AJAX requests or function calls starting with get_the_ to detect potential exploitation attempts. 5. Harden WordPress installations: Ensure WordPress core, themes, and other plugins are up to date, and apply principle of least privilege to user accounts. 6. Network segmentation: Isolate web servers hosting WordPress sites to limit lateral movement in case of compromise. 7. Incident response readiness: Prepare to respond to potential breaches by backing up data regularly and having a recovery plan. 8. Engage with the vendor: Follow monetizemore communications for patch releases and security advisories.