Vulnerabilities > Webcraftic

DATE CVE VULNERABILITY TITLE RISK
2019-09-13 CVE-2019-16289 Cross-site Scripting vulnerability in Webcraftic Woody AD Snippets
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
network
low complexity
webcraftic CWE-79
5.4
2019-09-03 CVE-2019-15858 Missing Authentication for Critical Function vulnerability in Webcraftic Woody AD Snippets
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
network
low complexity
webcraftic CWE-306
8.8
2019-08-30 CVE-2019-15818 Open Redirect vulnerability in Webcraftic Simple 301 Redirects
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
network
low complexity
webcraftic CWE-601
6.1
2019-08-29 CVE-2019-15776 Open Redirect vulnerability in Webcraftic Simple 301 Redirects-Addon-Bulk Uploader
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.
network
low complexity
webcraftic CWE-601
6.1
2019-08-08 CVE-2019-14773 Unspecified vulnerability in Webcraftic Woody AD Snippets
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
network
low complexity
webcraftic
7.5