Code Snippets Security Vulnerabilities

CVE-2024-3105

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized....

CVSS 9.9, AI Score 9.6, EPSS 0.001

2024-06-15 09:15 AM

CVE-2023-23645

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through...

CVSS 9.9, AI Score 6.9, EPSS 0.0004

2024-05-17 07:15 AM

CVE-2023-47666

Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through...

CVSS 8.8, AI Score 8.7, EPSS 0.001

2023-11-18 09:15 PM

CVE-2020-36759

The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate...

CVSS 4.3, AI Score 4.4, EPSS 0.001

2023-10-20 08:15 AM

CVE-2023-23650

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2...

CVSS 6.5, AI Score 5.3, EPSS 0.001

2023-03-23 02:15 PM

CVE-2022-25617

Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable...

CVSS 6.1, AI Score 6, EPSS 0.001

2022-05-18 06:15 PM

CVE-2022-29436

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title,...

CVSS 6.1, AI Score 6.2, EPSS 0.001

2022-05-17 08:15 PM

CVE-2022-29435

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off...

CVSS 5.4, AI Score 5.6, EPSS 0.001

2022-05-17 08:15 PM

CVE-2022-29429

Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request...

CVSS 8.8, AI Score 8.9, EPSS 0.002

2022-05-17 07:15 PM

CVE-2021-25008

The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting...

CVSS 6.1, AI Score 6.1, EPSS 0.001

2022-01-24 08:15 AM

CVE-2021-24791

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL...

CVSS 7.2, AI Score 7, EPSS 0.184

2021-11-08 06:15 PM

CVE-2020-8417

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import...

CVSS 8.8, AI Score 8.7, EPSS 0.001

2020-01-28 09:15 PM