WordPress Plugin Vulnerabilities

Woody Ad Snippets < 2.2.5 - Multiple issues leading to RCE

Description

Unauthenticated options import and unauthenticated stored XSS issues which could lead to Remote Code Execution.

Affects Plugins

Plugin icon
insert-php
Fixed in 2.2.5

References

CVE
CVE-2019-15858
URL
https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
URL
https://portswigger.net/daily-swig/patch-now-exploit-released-for-wordpress-plugin-rce-bug

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No
WPVDB ID
ad5d3cc8-ba93-49fe-920d-c0836210ce45

Timeline

Publicly Published
2019-08-02 (about 6 years ago)
Added
2019-08-02 (about 6 years ago)
Last Updated
2021-03-02 (about 5 years ago)

Other

Published
Title
Published
2020-06-21
Title
All in One Support Button < 1.8.8 - Authenticated Stored Cross-Site Scripting
Published
2016-08-01
Title
WP Database Backup < 4.3.1 - CSRF & XSS
Published
2019-03-14
Title
Import users from CSV with meta <= 1.14.0.2 - XSS and CSRF
Published
2018-03-14
Title
WooCommerce Products Filter < 1.2.0 - Multiple Issues
Published
2014-08-01
Title
Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Injection