id: CVE-2019-15858 info: name: WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution author: dwisiswant0,fmunozs,patralos severity: high description: | WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. impact: | Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and remote code execution. remediation: | Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability. reference: - https://github.com/GeneralEG/CVE-2019-15858 - https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/ - https://wpvulndb.com/vulnerabilities/9490 - https://nvd.nist.gov/vuln/detail/CVE-2019-15858 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2019-15858 cwe-id: CWE-306 epss-score: 0.02804 epss-percentile: 0.90638 cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: webcraftic product: woody_ad_snippets framework: wordpress tags: cve,cve2019,wordpress,wp-plugin,xss,wp,webcraftic http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt" matchers-condition: and matchers: - type: word part: body negative: true words: - "2.2.5" - type: word part: body words: - "Changelog" - type: word part: body words: - "Woody ad snippets" - type: status status: - 200 # digest: 4b0a00483046022100cd07f345ee9ee0404866dd839e20885d81d97b4d14a5a52ddd02d9c40b34d91d022100fded75594eebc1f4fde50dffe2d85704005119e1208884d4bf320b0739ffd219:922c64590222798bb761d5b6d8e72950