Primary

Context

Broadstreet WordPress Plugin Missing Authorization Vulnerability in Advertiser Creation

Vulnerability

A vulnerability exists in the Broadstreet plugin for WordPress, allowing unauthorized access to the create_advertiser AJAX action. This issue affects all versions through 1.53.1. The vulnerability arises from a lack of capability checks, enabling authenticated attackers with Subscriber-level access and above to create advertisers.

Impact

Exploitation of this vulnerability allows for unauthorized creation of advertiser profiles, which could be misused for fraudulent activities or to manipulate advertising campaigns.

Remediation

Users can update to Broadstreet version 1.53.2 or a newer patched version to address this vulnerability.

Added: May 13, 2026, 4:54 PM

Updated: May 13, 2026, 4:54 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

8.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

8.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Broadstreet WordPress Plugin Missing Authorization Vulnerability in Advertiser Creation

Vulnerability

Impact

Remediation

Affected Products

Broadstreet

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating