Lucene search

Woody Ad Snippets Security Vulnerabilities

cve

CVE-2019-14773

admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.

7.5CVSS

7.5AI Score

0.001EPSS

2019-08-08 08:15 PM

cve

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

8.8CVSS

8.7AI Score

0.026EPSS

2019-09-03 07:15 AM

cve

CVE-2019-16289

The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.

5.4CVSS

5.2AI Score

0.001EPSS

2019-09-13 03:15 PM

212

cve

CVE-2020-36759

The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippe...

4.3CVSS

4.4AI Score

0.001EPSS

2023-10-20 08:15 AM

cve

CVE-2024-3105

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized ...

9.9CVSS

9.6AI Score

0.001EPSS

2024-06-15 09:15 AM