Log out
Get PRO

Latest

Input validation vulnerability in Woody code snippets – Insert Header Footer Code, AdSense Ads 2.3.10

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 16, 2020

The Woody code snippets plugin for WordPress is vulnerable to a type of attack called Cross-Site Request Forgery. This means that in versions 2.3.9 and earlier, attackers may be able to activate or deactivate snippets without proper authorization. To do this, an attacker must be able to get a site administrator to perform an action such as clicking on a link. This is possible because the plugin doesn’t have the correct security measures in place to prevent it.

Detected in:

Woody code snippets – Insert Header Footer Code, AdSense Ads fixed vulnerable versions: >= * < 2.3.10

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.