Post Deletion Vulnerability in Woody Ad Snippets Plugin for WordPress
CVE-2019-14773

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Woody Ad Snippets
Vendor: CVE Published:; 8 August 2019

Summary

The Woody Ad Snippets plugin for WordPress is susceptible to a post deletion vulnerability due to improper handling of requests to wp-admin/admin-post.php. This flaw enables unauthorized users to delete posts by manipulating action parameters, potentially leading to data loss and unauthorized content management. Users should take immediate action to update the plugin to mitigate risks associated with this vulnerability.

References

https://www.pluginvulnerabilities.com/2019/08/01/post-del...

x_refsource_MISC

https://wordpress.org/plugins/insert-php/#developers

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2019
Vulnerability Reserved
Aug 7, 2019