What is CVE-2019-15858?

CVE-2019-15858 is a vulnerability in N/a. Published 2019-09-03.

Is CVE-2019-15858 known to be exploited?

18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

EPSS: 0.702 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

GeneralEG/CVE-2019-15858
orangmuda/CVE-2019-15858
0xT11/CVE-POC
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_

References

wpvulndb.com/vulnerabilities/9490 (x_refsource_MISC)
blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plu… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-15858?: CVE-2019-15858 is a vulnerability in N/a. Published 2019-09-03.
Is CVE-2019-15858 known to be exploited?: 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.