PT-2019-13825 · WordPress · Woody Ad Snippets

Published

2019-08-08

Updated

2020-08-24

CVE-2019-14773

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Woody ad snippets plugin versions prior to 2.2.6

Description The issue concerns the "Woody ad snippets" plugin for WordPress, where a problem in the admin/includes/class.actions.snippet.php file allows unauthorized post deletion through the wp-admin/admin-post.php action. Specifically, the API endpoint '/wp-admin/admin-post.php' with the action 'close' and the parameter post can be exploited.

Recommendations For Woody ad snippets plugin versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-admin/admin-post.php endpoint with the action parameter set to 'close' and the post parameter until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-14773

Affected Products

Woody Ad Snippets

PT-2019-13825 · WordPress · Woody Ad Snippets

CVE-2019-14773

Related Identifiers

Affected Products

References · 4