Webcraftic Woody Ad Snippets vulnerabilities
3 known vulnerabilities affecting webcraftic/woody_ad_snippets.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-15858P2HIGHCVSS 8.8PoCfixed in 2.2.52019-09-03
CVE-2019-15858 [HIGH] CWE-306 CVE-2019-15858: admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
nvd
CVE-2019-14773P3HIGHCVSS 7.5≤ 2.2.52019-08-08
CVE-2019-14773 [HIGH] CVE-2019-14773: admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPre
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
nvd
CVE-2019-16289P4MEDIUMCVSS 5.4fixed in 2.2.82019-09-13
CVE-2019-16289 [MEDIUM] CWE-79 CVE-2019-16289: The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS vi
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
nvd