Woody Ad Snippets <= 2.2.8 - Authenticated Cross-Site Scripting (XSS)

Affects Plugin

Woody ad snippets – Insert Header Footer Code, AdSense Ads

fixed in version 2.2.9

References

CVE	2019-16289
URL	https://plugins.trac.wordpress.org/changeset/2156042/insert-php
URL	https://plugins.trac.wordpress.org/changeset/2157622/insert-php
URL	https://generaleg0x01.com/2019/09/13/xss-woody/

Classification

Type	XSS
OWASP Top 10	A7: Cross-Site Scripting (XSS)
CWE	CWE-79

Miscellaneous

Original Researcher	GeneralEG
Views	7518
Verified	No
WPVDB ID	9880

Timeline

Publicly Published	2019-09-13 (9 months ago)
Added	2019-09-14 (9 months ago)
Last Updated	2019-11-28 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner

WPScan WordPress Security Plugin