CVE-2019-14773

Name of the Vulnerable Software and Affected Versions Woody ad snippets plugin versions prior to 2.2.6

Description The issue concerns the "Woody ad snippets" plugin for WordPress, where a problem in the admin/includes/class.actions.snippet.php file allows unauthorized post deletion through the wp-admin/admin-post.php action. Specifically, the API endpoint '/wp-admin/admin-post.php' with the action 'close' and the parameter post can be exploited.

Recommendations For Woody ad snippets plugin versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-admin/admin-post.php endpoint with the action parameter set to 'close' and the post parameter until a patch is available.