6 matches found
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...
Exploit for Missing Authentication for Critical Function in Webcraftic Woody_Ad_Snippets
CVE-2019-15858 Unauthenticated Remote Code Execution at Wood...
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...
CVE-2019-15858
CVE-2019-15858 concerns the WordPress plugin Woody Ad Snippets (before 2.2.5). The vulnerability arises in admin/includes/class.import.snippet.php, where an unauthenticated options import function can be abused to store a payload, enabling cross‑site scripting and, in turn, remote code execution....
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...