id: CVE-2019-15858 info: name: Unauthenticated Woody Ad Snippets WordPress Plugin RCE author: dwisiswant0,fmunozs,patralos severity: high description: | This template supports the detection part only. See references. admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. reference: https://github.com/GeneralEG/CVE-2019-15858 tags: cve,cve2019,wordpress,wp-plugin,xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.80 cve-id: CVE-2019-15858 cwe-id: CWE-306 requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "2.2.5" part: body negative: true - type: word words: - "Changelog" part: body - type: word words: - "Woody ad snippets" part: body