Home / CVE-2019-15858

CVE-2019-15858

HIGH NUCLEI

Woody ad snippets <2.2.5 - RCE

Title source: llm

Description

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

Exploits (8)

nomisec WORKING POC 32 stars

by GeneralEG · poc

https://github.com/GeneralEG/CVE-2019-15858

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-15858, targeting an unauthenticated remote code execution vulnerability in the WordPress Woody Ad Snippets plugin (versions 2.2.4 and below). The exploit leverages an options import vulnerability combined with stored XSS to achieve RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Woody Ad Snippets plugin <= 2.2.4

No auth needed

Prerequisites: Target must be running vulnerable version of Woody Ad Snippets plugin · Target must have the plugin's admin interface accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 3 stars

by orangmuda · poc

https://github.com/orangmuda/CVE-2019-15858

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-15858, which combines an unauthenticated options import vulnerability with a stored XSS to achieve remote code execution in the WordPress Woody Ad Snippets plugin (versions 2.2.4 and below). The exploit uploads a malicious JSON payload to trigger the vulnerability and includes a JavaScript-based RCE payload for further exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Woody Ad Snippets plugin <= 2.2.4

No auth needed

Prerequisites: Target must be running vulnerable version of Woody Ad Snippets plugin · WordPress installation must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/thomsdev/cve-2019-15858

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-15858, which combines an unauthenticated options import vulnerability with a stored XSS to achieve remote code execution in the WordPress Woody Ad Snippets plugin (versions 2.2.4 and below). The exploit uploads a malicious JSON payload and leverages a JavaScript-based RCE to execute arbitrary PHP code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Woody Ad Snippets plugin <= 2.2.4

No auth needed

Prerequisites: Target must be running vulnerable plugin version · Attacker must be able to reach the WordPress admin interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/rakhanobe/cve-2019-15858

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-15858, targeting the Woody Ad Snippets WordPress plugin (versions 2.2.4 and below). The exploit combines an unauthenticated options import vulnerability with stored XSS to achieve remote code execution by uploading a malicious payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Woody Ad Snippets WordPress plugin (versions <= 2.2.4)

No auth needed

Prerequisites: Target must be running vulnerable plugin version · Attacker must provide a list of target sites and a payload file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/oxctdev/cve-2019-15858

View Code ZIP pw:eip

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Woody Ad Snippets plugin <= 2.2.4

No auth needed

Prerequisites: Target running vulnerable WordPress plugin · Ability to send HTTP requests to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/onsecuredev/cve-2019-15858

View Code ZIP pw:eip

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Woody Ad Snippets plugin (versions 2.2.4 and below)

No auth needed

Prerequisites: Target WordPress site with vulnerable Woody Ad Snippets plugin installed · Payload file in JSON format

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/byteofjoshua/cve-2019-15858

View Code ZIP pw:eip

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WordPress Woody Ad Snippets plugin (versions 2.2.4 and below)

No auth needed

Prerequisites: Target must be running a vulnerable version of the Woody Ad Snippets plugin · Attacker must be able to send HTTP requests to the target WordPress site

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/byteofandri/cve-2019-15858

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-15858, targeting the Woody Ad Snippets WordPress plugin (versions 2.2.4 and below). The exploit combines an unauthenticated options import vulnerability with a stored XSS to achieve remote code execution by uploading a malicious JSON payload and leveraging a crafted JavaScript file to install a PHP backdoor.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Woody Ad Snippets WordPress Plugin (versions <= 2.2.4)

No auth needed

Prerequisites: Target must be running a vulnerable version of the Woody Ad Snippets plugin · WordPress admin interface must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

Nuclei Templates (1)

WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

HIGHby dwisiswant0,fmunozs,patralos

References (2)

[Exploit, Third Party Advisory] https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/9490

Scores

CVSS v3 8.8

EPSS 0.7021

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

webcraftic/woody_ad_snippets < 2.2.5

Published Sep 03, 2019

Tracked Since Feb 18, 2026