Vulnerabilities > Webcraftic > Woody AD Snippets

DATE CVE VULNERABILITY TITLE RISK
2019-09-13 CVE-2019-16289 Cross-site Scripting vulnerability in Webcraftic Woody AD Snippets
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
network
low complexity
webcraftic CWE-79
5.4
5.4
2019-09-03 CVE-2019-15858 Missing Authentication for Critical Function vulnerability in Webcraftic Woody AD Snippets
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
network
low complexity
webcraftic CWE-306
8.8
8.8
2019-08-08 CVE-2019-14773 Unspecified vulnerability in Webcraftic Woody AD Snippets
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.
network
low complexity
webcraftic
7.5
7.5