cleantalk
Vulnerabilities and Security Researches

Woody code snippets – Insert Header Footer Code, AdSense Ads, CVE-2024-3105

CVE, Research URL

CVE-2024-3105

Home page URL

Security reports for Woody code snippets – Insert Header Footer Code, AdSense Ads

Application

Woody code snippets – Insert Header Footer Code, AdSense Ads

Published on
Jun 15, 2024
Research Description
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
Affected versions
max 2.5.1.
Status
vulnerable
Previous vulnerability researches
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2019-15858) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2019-14773) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2021-4342) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2019-16289) , Jun 07, 2024
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2020-36759) , Jun 07, 2024
New vulnerability
File Manager Pro – Filester , Mar 30, 2026
Simple Author Box , Mar 30, 2026
Customizable WordPress Gallery Plugin – Modula Image Gallery , Mar 30, 2026
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin , Mar 30, 2026
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026