
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

01 Jul 2026 03:36:47, reported by ProjectDiscovery, type: nuclei, source: github.com, 24 views

WordPress Woody Ad Snippets <2.2.5 is affected by cross-site scripting/remote code execution: the plugin allows unauthenticated options import, leading to remote code execution and unauthorized access.

Related

Reporter | Title | Published | Family
GithubExploit | Exploit for Missing Authentication for Critical Function in Webcraftic Woody_Ad_Snippets | 12 Sep 2019 21:52 | githubexploit
Circl | CVE-2019-15858 | 14 Nov 2024 06:07 | circl
CNVD | WordPress Woody ad snippets plugin cross-site scripting vulnerability | 5 Sep 2019 00:00 | cnvd
CVE | CVE-2019-15858 | 3 Sep 2019 06:14 | cve
Cvelist | CVE-2019-15858 | 3 Sep 2019 06:14 | cvelist
NVD | CVE-2019-15858 | 3 Sep 2019 07:15 | nvd
OpenVAS | WordPress Woody ad snippets Plugin < 2.2.5 Multiple Vulnerabilities | 12 Sep 2019 00:00 | openvas
OSV | CVE-2019-15858 | 3 Sep 2019 07:15 | osv
Prion | Remote code execution | 3 Sep 2019 07:15 | prion
RedhatCVE | CVE-2019-15858 | 22 May 2025 06:35 | redhatcve

id: CVE-2019-15858

info:
  name: WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
  author: dwisiswant0,fmunozs,patralos
  severity: high
  description: |
    WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and remote code execution.
  remediation: |
    Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability.
  reference:
    - https://github.com/GeneralEG/CVE-2019-15858
    - https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
    - https://wpvulndb.com/vulnerabilities/9490
    - https://nvd.nist.gov/vuln/detail/CVE-2019-15858
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-15858
    cwe-id: CWE-306
    epss-score: 0.20813
    epss-percentile: 0.97229
    cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: webcraftic
    product: woody_ad_snippets
    framework: wordpress
  tags: cve,cve2019,wordpress,wp-plugin,xss,wp,webcraftic,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        negative: true
        words:
          - "2.2.5"

      - type: word
        part: body
        words:
          - "Changelog"

      - type: word
        part: body
        words:
          - "Woody ad snippets"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210098c879051f1313dd13a1b78e9c652e368097327a96879bb015dd4a2775d3b8de02205a7fef173724d89bb85066e6fcfa0695ff850d3082f85dca4d6aab79b096177f:922c64590222798bb761d5b6d8e72950


Scores as of 04 Feb 2026 07:00 (current):
Vulners AI Score: 7.7 (High risk)
CVSS 2: 6.8
CVSS 3.1: 8.8
EPSS: 0.20813