The Woody code snippets plugin for WordPress can be exploited by unauthenticated attackers to inject arbitrary web script into pages. This is possible because the plugin, in versions up to and including 2.4.5, does not use the proper protection when it adds a query to a URL. If an attacker can trick a user into clicking a malicious link, the web script can be executed.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
