WordPress Plugin Vulnerabilities

Woody Ad Snippets < 2.2.9 - Authenticated Cross-Site Scripting (XSS)

Description

The Woody ad snippets – Insert Header Footer Code, AdSense Ads WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
insert-php
Fixed in 2.2.9

References

CVE
CVE-2019-16289
URL
https://plugins.trac.wordpress.org/changeset/2156042/insert-php
URL
https://plugins.trac.wordpress.org/changeset/2157622/insert-php
URL
https://generaleg0x01.com/2019/09/13/xss-woody/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
GeneralEG
Verified
No
WPVDB ID
a8ed6960-8336-471f-ab54-68caa3397378

Timeline

Publicly Published
2019-09-13 (about 6 years ago)
Added
2019-09-14 (about 6 years ago)
Last Updated
2021-03-02 (about 5 years ago)

Other

Published
Title
Published
2021-05-17
Title
Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS
Published
2014-09-29
Title
My Calendar 1.10.2 - XSS in PATH_INFO Parameter
Published
2021-08-02
Title
VDZ Google Analytics or Google Tag Manager / GTM < 1.4.9 - Authenticated Stored XSS
Published
2025-01-06
Title
Typing Text <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-10-31
Title
ThemeShark Templates & Widgets for Elementor <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting