Woody Ad Snippets <= 2.2.4 - Multiple issues leading to RCE



Description
Unauthenticated options import and unauthenticated stored XSS issues which could lead to Remote Code Execution.

Affects Plugin

fixed in version 2.2.5

References

CVE 2019-15858
URL https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
URL https://portswigger.net/daily-swig/patch-now-exploit-released-for-wordpress-plugin-rce-bug

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 3105
Verified No
WPVDB ID 9490

Timeline

Publicly Published 2019-08-02 (3 months ago)
Added 2019-08-02 (3 months ago)
Last Updated 2019-09-16 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin