CVE-2019-15858
published 2019-09-03


Priority: P2 (65)
CVSS 3.1: 8.8 (high)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 20.81% (97.2nd percentile)

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

Affected

1 range

Vendor      Product             Version range   Fixed in
webcraftic  woody_ad_snippets   < 2.2.5         2.2.5

Detection & IOCs (extracted from sources)

Path: admin/includes/class.import.snippet.php
  • Probe for a vulnerable plugin version by fetching the readme.txt of the 'insert-php' (Woody Ad Snippets) plugin and checking that the body contains 'Changelog' and 'Woody ad snippets' but does NOT contain the version string '2.2.5'.
  • The vulnerability is exploitable without authentication — any unauthenticated HTTP request to the import endpoint (admin/includes/class.import.snippet.php) can import arbitrary options, including XSS/RCE payloads.
  • The Nuclei template uses only a single GET request to the readme.txt file for version detection; it does not actively exploit the import endpoint. A 200 response containing 'Changelog' and 'Woody ad snippets' without '2.2.5' indicates a vulnerable installation. Note that this is a version check, not a confirmation of exploitability: a site that has patched or removed the plugin but left a stale readme.txt will still match.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd     v2.0     6.8    MEDIUM    AV:N/AC:M/Au:N/C:P/I:P/A:P