Shodan
Vulnerabilities
Vulnerable Software
Webcraftic:  Security Vulnerabilities
CVE-2019-16289
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-09-13
CVE-2019-15858
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
CVSS Score
8.8
EPSS Score
0.596
Published
2019-09-03
CVE-2019-15818
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-30
CVE-2019-15776
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-29
CVE-2019-14773
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved