576 matches found
CVE-2026-1785
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2026-1785
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
EUVD-2026-5650
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2026-1785
The CVE-2026-1785 entry concerns the Code Snippets plugin for WordPress, affected versions up to and including 3.9.4. The root cause is missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class, enabling Cross‑Site Request Forgery (CSRF). This ...
CVE-2026-1785
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
WordPress Code Snippets plugin <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability
Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability discovered by type5afe in WordPress Plugin Code Snippets versions = 3.9.4...
WordPress plugin Code Snippets 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-6692
Name of the Vulnerable Software and Affected Versions Code Snippets plugin for WordPress versions up to and including 3.9.4 Description The Code Snippets plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation on the cloud snippet download...
CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517
Wagtail CVE-2026-25517 involves missing permission checks on admin preview endpoints. Before versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, an admin user who knows a model’s fields can craft a form submission to render previews of pages, snippets, or site settings with arbitrary data. The preview ...
CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25517
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Vulnerabilities exist in versions prior to Wagtail 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3. These vulnerabilities stem from the lack of permission checks on preview endpoints, which could allow unauthorized access to any...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2021-47841
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...
CVE-2021-47841
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...