ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Woody Ad Snippets plugin <= 2.2.4 - Unauthenticated stored Cross-Site Scripting (XSS) vulnerability

Product
Woody ad snippets
Description
Unauthenticated stored Cross-Site Scripting (XSS) vulnerability found by Jerome Bruandet (Nintechnet) by WordPress Woody Ad Snippets plugin (versions <= 2.2.4).
Solution
Update the WordPress Woody Ad Snippets plugin to the latest available version (at least 2.2.5).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.2.4
Fixed In 2.2.5
Disclosure date
2019-08-06
Credits
Jerome Bruandet (Nintechnet)
Submitter
ThreatPress