EUVD-2020-24200

Malware in sbrugna...

CVE-2024-3105

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insertphp' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized...

CVE-2024-3105 Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insertphp' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized...

WordPress plugin Woody code snippets security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Woody code snippets – Insert Header Footer Code, AdSense Ads < 2.5.1 -Authenticated (Contributor+) Remote Code Execution

Description The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insertphp' shortcode. This is due to the plugin not restricting the usage of the functionality to high leve...

WordPress Woody code snippets plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Woody ad snippets versions = 2.5.0...

CVE-2020-36759

The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions function. This makes it possible for unauthenticated attackers to activate and deactivate snippe...

Cross site request forgery (csrf)

The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions function. This makes it possible for unauthenticated attackers to activate and deactivate snippe...

WordPress Plugin Woody code snippets Cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting

The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=wbcr-snippets&page=import-wbcrinsertphp&a"alert/XSS/...

WordPress Woody Code Snippets plugin <= 2.4.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Woody Code Snippets plugin versions = 2.4.5. Solution Update the WordPress Woody Code Snippets plugin to the latest available version at least 2.4.6...

Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting

The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=wbcr-snippets=import-wbcrinsertphp"...