
cpe:2.3:a:themeisle:woody_code_snippets_–_insert_php,_css,_js,_and_header/footer_scripts:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Themeisle (952ca4ef-81b0-5b76-b2cc-d8cf654b2d29)
Product: Woody Code Snippets – Insert Php, Css, Js, And Header/Footer Scripts (600740bd-475c-5024-ad35-55f2154a8ca4)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2024-3105
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:56:23.494837
db.gcve.eu details: Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 - Authenticated (Contributor+) Remote Code Execution
Severity: CRITICAL (9.9)
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.
Published: 2024-06-15T08:42:14.653Z
Updated: 2026-04-08T16:36:37.357Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2020-36759
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:42:39.917305
db.gcve.eu details: Woody code snippets <= 2.3.9 - Cross-Site Request Forgery Bypass
Severity: MEDIUM (4.3)
The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2023-10-20T07:29:36.978Z
Updated: 2026-04-08T17:29:52.309Z
Rationale: Imported from gcve-enriched-dumps CVE data
