Unauthenticated Options Import Vulnerability in Woody Ad Snippets Plugin for WordPress

Unauthenticated Options Import Vulnerability in Woody Ad Snippets Plugin for WordPress

CVE-2019-15858 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

Learn more about our Wordpress Pen Testing.