Webcraftic: >> Woody Ad Snippets >> 2.2.5 Security Vulnerabilities
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-09-13
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-08