CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3105 – Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-3105
14 Jun 2024 — The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. El complemento Woody code snippets – Insert Header Footer Code, AdSense Ads para W... • https://github.com/hunThubSpace/CVE-2024-3105-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16289 – Woody Ad Snippets <= 2.2.8 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16289
13 Sep 2019 — The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. El plugin insert-php (también se conoce como Woody ad snippets) versiones anteriores a 2.2.8 para WordPress, permite un ataque de tipo XSS autenticado por medio del parámetro winp_item. The insert-php (aka Woody ad snippets) plugin before 2.2.9 for WordPress allows authenticated XSS via the winp_item parameter. • https://generaleg0x01.com/2019/09/13/xss-woody • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15776 – Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-15776
10 Aug 2019 — The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. El plugin simple-301-redirects-addon-bulk-uploader versiones anteriores a 1.2.5 para WordPress, no presenta protección contra la inyección de la regla de redireccionamiento 301 por medio de un archivo CSV. • https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15818 – Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authentication on Option Changes
https://notcve.org/view.php?id=CVE-2019-15818
10 Aug 2019 — The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. El plugin simple-301-redirects-addon-bulk-uploader a través de 1.2.4 para WordPress no tiene requisitos de autenticación para action = bulk301export o action = bulk301clearlist. • https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin • CWE-287: Improper Authentication CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14773 – Woody Ad Snippets <= 2.2.5 - Arbitrary Post Deletion
https://notcve.org/view.php?id=CVE-2019-14773
08 Aug 2019 — admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. admin / includes / class.actions.snippet.php en el plugin "Woody ad snippets" hasta la versión 2.2.5 para WordPress permite wp-admin / admin-post.php? action = close & post = deletion. • https://wordpress.org/plugins/insert-php/#developers • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 11%CPEs: 1EXPL: 3CVE-2019-15858 – Woody Ad Snippets <= 2.2.4 - Missing Authorization to Settings Import
https://notcve.org/view.php?id=CVE-2019-15858
02 Aug 2019 — admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. admin/includes/class.import.snippet.php en el plugin "Woody ad snippets" en versiones anteriores a la 2.2.5 para WordPress permite la importación de opciones no autenticadas, como lo demuestra el almacenamiento de una carga útil XSS para la ejecución remota de código. • https://github.com/GeneralEG/CVE-2019-15858 • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •