CVE-2026-1785
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
EUVD-2025-198141
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract() on attacker-controlled shortcode attributes within the evaluate_shortcode_from_flat_file method, which can be used to overwrite the...
CVE-2025-13035 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract() on attacker-controlled shortcode attributes within the evaluate_shortcode_from_flat_file method, which can be used to overwrite the...
WordPress plugin Code Snippets code injection vulnerability
The WordPress Code Snippets plugin is a WordPress plugin for conveniently adding and managing custom code snippets without directly modifying theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluate_shortcode_from_flat_file...
WordPress Code Snippets plugin <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability
Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability discovered by mikemyers in WordPress Plugin Code Snippets versions <= 3.9.1...
EUVD-2022-30277
Malicious code in bioql PyPI...
CVE-2021-25008
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...
CVE-2024-13895 Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
WordPress plugin The Code Snippets CPT code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
CVE-2020-8417
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu...
CVE-2025-23780 WordPress Easy Code Snippets Plugin <= 1.0.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpha BPO Easy Code Snippets easy-code-snippets allows SQL Injection. This issue affects Easy Code Snippets: from n/a through <= 1.0.2...
CVE-2025-23780
CVE-2025-23780 describes an SQL Injection in AlphaBPO Easy Code Snippets (WordPress) due to improper neutralization of special elements in SQL commands. Affected: Easy Code Snippets from n/a through 1.0.2. CVSSv3.1 base 7.6 (HIGH), attack vector NETWORK, privileges required HIGH, user interact...
CVE-2023-47666 WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0...
CVE-2022-25617
Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter...
Cross-site scripting
Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter...
CVE-2022-25617
The CVE-2022-25617 entry refers to a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Code Snippets plugin up to version 2.14.3, exploitable via the &orderby parameter. Affected software: Code Snippets plugin for WordPress (
WordPress plugin Code Snippets cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. The WordPress Code Snippets plugin has a cross-site scripting vulnerability, which originates from the &orderby paramet...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Code Snippets plugin for WordPress prior to 2.14.3,...
WordPress Code Snippets plugin <= 2.14.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Code Snippets plugin versions <= 2.14.2. Solution: Update the WordPress Code Snippets plugin to the latest available version (at least 2.14.3)...
Code Snippets Plugin for WordPress < 2.14.0 Cross-Site Request Forgery
The WordPress Code Snippets Plugin installed on the remote host is affected by a cross-site request forgery (CSRF) vulnerability that could lead to remote code execution. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...