Webcraftic: >> Woody Ad Snippets >> 2.1.2 Security Vulnerabilities
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-09-13
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
CVSS Score
8.8
EPSS Score
0.596
Published
2019-09-03
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-08