The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
More Stories
python3.6-3.6.15-43.fc43
FEDORA-2025-e0b960f5d0 Packages in this update: python3.6-3.6.15-43.fc43 Update description: Automatic update for python3.6-3.6.15-43.fc43. Changelog * Fri Feb 14 2025 Charalampos Stratakis...
python3.6-3.6.15-43.fc40
FEDORA-2025-e60e30944c Packages in this update: python3.6-3.6.15-43.fc40 Update description: Security fix CVE-2025-0938 Read More
python3.6-3.6.15-43.fc41
FEDORA-2025-59cbb4663d Packages in this update: python3.6-3.6.15-43.fc41 Update description: Security fix CVE-2025-0938 Read More
python3.6-3.6.15-43.fc42
FEDORA-2025-f1971ff110 Packages in this update: python3.6-3.6.15-43.fc42 Update description: Security fix CVE-2025-0938 Read More
USN-7275-1: Libtasn1 vulnerability
Bing Shi discovered that Libtasn1 inefficiently handled certificates. An attacker could possibly use this issue to increase resource utilization leading...
kernel-6.12.15-200.fc41
FEDORA-2025-cca2fcc70c Packages in this update: kernel-6.12.15-200.fc41 Update description: The 6.12.15 stable kernel update contains a number of important fixes across...