CVE-2024-3105 – Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution

https://notcve.org/view.php?id=CVE-2024-3105

14 Jun 2024 — The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. El complemento Woody code snippets – Insert Header Footer Code, AdSense Ads para W... • https://github.com/hunThubSpace/CVE-2024-3105-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •