id: CVE-2019-15858

info:
  name: Unauthenticated Woody Ad Snippets WordPress Plugin RCE
  author: dwisiswant0,fmunozs,patralos
  severity: high
  description: |
    This template supports the detection part only. See references.

    admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin
    before 2.2.5 for WordPress allows unauthenticated options import,
    as demonstrated by storing an XSS payload for remote code execution.
  reference:
    - https://github.com/GeneralEG/CVE-2019-15858
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-15858
    cwe-id: CWE-306
  tags: cve,cve2019,wordpress,wp-plugin,xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "2.2.5"
        part: body
        negative: true

      - type: word
        words:
          - "Changelog"
        part: body

      - type: word
        words:
          - "Woody ad snippets"
        part: body