Unauthenticated Options Import Vulnerability in Woody Ad Snippets Plugin for WordPress
CVE-2019-15858 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
Learn more about our Wordpress Pen Testing.