Woody Ad Snippets <= 2.2.4 - Multiple issues leading to RCE



Description
Unauthenticated options import and unauthenticated stored XSS issues which could lead to Remote Code Execution.

Affects Plugin

References

CVE 2019-15858
URL https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
URL https://portswigger.net/daily-swig/patch-now-exploit-released-for-wordpress-plugin-rce-bug

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 3751
Verified No
WPVDB ID 9490

Timeline

Publicly Published 2019-08-02 (8 months ago)
Added 2019-08-02 (8 months ago)
Last Updated 2019-11-28 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin