CVE-2019-15858: WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

日期: 2025-08-01 | 影响软件: WordPress Woody Ad Snippets | POC: 已公开

漏洞描述

WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.

PoC代码[已公开]

id: CVE-2019-15858

info:
  name: WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
  author: dwisiswant0,fmunozs,patralos
  severity: high
  description: |
    WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and remote code execution.
  remediation: |
    Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability.
  reference:
    - https://github.com/GeneralEG/CVE-2019-15858
    - https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
    - https://wpvulndb.com/vulnerabilities/9490
    - https://nvd.nist.gov/vuln/detail/CVE-2019-15858
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-15858
    cwe-id: CWE-306
    epss-score: 0.59563
    epss-percentile: 0.98195
    cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: webcraftic
    product: woody_ad_snippets
    framework: wordpress
  tags: cve,cve2019,wordpress,wp-plugin,xss,wp,webcraftic

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        negative: true
        words:
          - "2.2.5"

      - type: word
        part: body
        words:
          - "Changelog"

      - type: word
        part: body
        words:
          - "Woody ad snippets"

      - type: status
        status:
          - 200
# digest: 490a00463044022004b7af09398c6e7de51bc4510bec568854822c937735f6a06d9d53214b093ef60220143ac1005694f70c54e433a6bfc02e3243341c2b492e4ec6132727f935a329e7:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-15858.yaml

相关漏洞推荐