cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3105,https://securityvulnerability.io/vulnerability/CVE-2024-3105,"Remote Code Execution Vulnerability in Woody code snippets Insert Header Footer Code, AdSense Ads Plugin","The Insert Header Footer Code, AdSense Ads plugin for WordPress, developed by Woody, is susceptible to a Remote Code Execution vulnerability. This flaw affects all versions up to and including 2.5.0, primarily due to inadequate restrictions on the 'insert_php' shortcode functionality. As a result, authenticated attackers with contributor-level access or higher can potentially execute arbitrary code on the server, posing a significant security threat to WordPress installations utilizing this plugin.",Wordpress,"Woody Code Snippets – Insert Header Footer Code, Adsense Ads",9.9,CRITICAL,0.00044999999227002263,false,,false,false,true,true,false,false,2024-06-15T08:42:14.653Z,0
CVE-2020-36759,https://securityvulnerability.io/vulnerability/CVE-2020-36759,Cross-Site Request Forgery Vulnerability in Woody Code Snippets Plugin for WordPress,"The Woody Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery, allowing unauthenticated attackers to manipulate code snippets remotely. This vulnerability arises from inadequate nonce validation in the runActions() function. By tricking a site administrator into performing an unintended action, attackers can activate or deactivate snippets, potentially compromising site integrity and security.",Wordpress,"Woody Code Snippets – Insert Header Footer Code, Adsense Ads",4.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,false,false,2023-10-20T07:29:36.978Z,0
CVE-2019-16289,https://securityvulnerability.io/vulnerability/CVE-2019-16289,,The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.,Wordpress,Woody Ad Snippets,5.4,MEDIUM,0.0008299999753944576,false,,false,false,false,,false,false,2019-09-13T14:58:03.000Z,0
CVE-2019-15858,https://securityvulnerability.io/vulnerability/CVE-2019-15858,,"admin/includes/class.import.snippet.php in the ""Woody ad snippets"" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.",Wordpress,Woody Ad Snippets,8.8,HIGH,0.1244800016283989,false,,false,false,true,true,false,false,2019-09-03T06:14:03.000Z,0
CVE-2019-14773,https://securityvulnerability.io/vulnerability/CVE-2019-14773,,"admin/includes/class.actions.snippet.php in the ""Woody ad snippets"" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.",Wordpress,Woody Ad Snippets,7.5,HIGH,0.0015200000489130616,false,,false,false,false,,false,false,2019-08-08T19:49:04.000Z,0