Vulnerability Details CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.596
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
- https://wpvulndb.com/vulnerabilities/9490
- https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
- https://wpvulndb.com/vulnerabilities/9490
Products affected by CVE-2019-15858
-
cpe:2.3:a:webcraftic:woody_ad_snippets:-
-
cpe:2.3:a:webcraftic:woody_ad_snippets:1.0
-
cpe:2.3:a:webcraftic:woody_ad_snippets:1.1
-
cpe:2.3:a:webcraftic:woody_ad_snippets:1.2
-
cpe:2.3:a:webcraftic:woody_ad_snippets:1.3
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.0.1
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.0.2
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.0.4
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.0.6
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.2
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.3
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.4
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.5
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.6
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.7
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.9
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.1.91
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.2.1
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.2.2
-
cpe:2.3:a:webcraftic:woody_ad_snippets:2.2.4