cleantalk
Vulnerabilities and Security Researches

Woody code snippets – Insert Header Footer Code, AdSense Ads, CVE-2020-36759

CVE, Research URL

CVE-2020-36759

Home page URL

Security reports for Woody code snippets – Insert Header Footer Code, AdSense Ads

Application

Woody code snippets – Insert Header Footer Code, AdSense Ads

Published on
Oct 20, 2023
Research Description
The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.3.10.
Status
vulnerable
Previous vulnerability researches
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2019-15858) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2019-14773) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2021-4342) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2019-16289) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2020-36759) , Jun 07, 2024
New vulnerability
File Manager Pro – Filester , Mar 30, 2026
Simple Author Box , Mar 30, 2026
Customizable WordPress Gallery Plugin – Modula Image Gallery , Mar 30, 2026
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin , Mar 30, 2026
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026