Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1785 | 2 Codesnippets, Wordpress | 2 Code Snippets, Wordpress | 2026-02-09 | 4.3 Medium |
| The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page. | ||||
| CVE-2022-25617 | 1 Codesnippets | 1 Code Snippets | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. | ||||
| CVE-2021-25008 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 6.1 Medium |
| The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2020-8417 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 8.8 High |
| The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | ||||
Page 1 of 1.