Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts

Vulnerabilities 14Slug insert-phpLatest version 2.7.4WordPress.org →

Minimum safe version

2.7.2

Update to 2.7.2 or later to address 14 fixable vulnerabilities

Latest available2.7.4 ✓

Critical 9.9

2026-03-25< 2.7.2

CVE-2026-25366

CVE Wordfence

Critical 9.9

2024-06-15< 2.5.1

CVE-2024-3105

CVE Wordfence Patchstack

Medium 4.8

2024-06-08< 2.5.1

CVE-2024-35751

CVE Patchstack Wordfence

Medium 4.3

2023-10-20< 2.3.10

CVE-2020-36759

CVE Wordfence WPScan

N/A

2023-06-07< 2.3.10

CVE-2021-4342

CVE

N/A

< 2.4.6

Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting

WPScan

N/A

< 2.3.10

Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass

Wordfence

N/A

2022-06-02< 2.4.6

Woody code snippets <= 2.4.5 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-06-14< 2.4.6

WordPress Woody Code Snippets plugin <= 2.4.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2019-08-06< 2.2.5

WordPress Woody Ad Snippets plugin <= 2.2.4 - Unauthenticated stored Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2020-09-16< 2.3.10

WordPress Woody ad snippets plugin <= 2.3.9 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

High 7.5

2019-08-09< 2.2.6

Woody Ad Snippets <= 2.2.5 - Arbitrary Post Deletion

Wordfence CVE WPScan

High 8.8

2019-09-03< 2.2.5

CVE-2019-15858

CVE Wordfence WPScan

Medium 5.4

2019-09-15< 2.2.9

WordPress Woody Ad Snippets plugin <= 2.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack CVE Wordfence WPScan