Lucene search
K

576 matches found

RedhatCVE
RedhatCVE
added 2026/02/07 1:13 p.m.13 views

CVE-2026-1785

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS5.4AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 9:15 a.m.15 views

CVE-2026-1785

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS0.00191EPSS
Exploits0References6
OSV
OSV
added 2026/02/06 8:25 a.m.7 views

CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS6AI score0.00191EPSS
Exploits0References8
EUVD
EUVD
added 2026/02/06 8:25 a.m.6 views

EUVD-2026-5650

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS5.4AI score0.00191EPSS
Exploits0References6
CVE
CVE
added 2026/02/06 8:25 a.m.19 views

CVE-2026-1785

The CVE-2026-1785 entry concerns the Code Snippets plugin for WordPress, affected versions up to and including 3.9.4. The root cause is missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class, enabling Cross‑Site Request Forgery (CSRF). This ...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:25 a.m.6 views

CVE-2026-1785

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/06 8:25 a.m.32 views

CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS0.00191EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/06 8:25 a.m.3 views

CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/06 12:40 a.m.8 views

WordPress Code Snippets plugin <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability

Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability discovered by type5afe in WordPress Plugin Code Snippets versions = 3.9.4...

4.3CVSS5.4AI score0.00191EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

WordPress plugin Code Snippets 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.23 views

PT-2026-6692

Name of the Vulnerable Software and Affected Versions Code Snippets plugin for WordPress versions up to and including 3.9.4 Description The Code Snippets plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation on the cloud snippet download...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References10
OSV
OSV
added 2026/02/04 8:48 p.m.4 views

CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

5.1CVSS5.4AI score0.00343EPSS
Exploits0References8
CVE
CVE
added 2026/02/04 8:48 p.m.16 views

CVE-2026-25517

Wagtail CVE-2026-25517 involves missing permission checks on admin preview endpoints. Before versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, an admin user who knows a model’s fields can craft a form submission to render previews of pages, snippets, or site settings with arbitrary data. The preview ...

5.1CVSS5.3AI score0.00343EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/02/04 8:48 p.m.33 views

CVE-2026-25517 Wagtail has improper permission handling on admin preview endpoints

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

5.1CVSS0.00343EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:48 p.m.6 views

CVE-2026-25517

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

5.1CVSS5.3AI score0.00343EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Vulnerabilities exist in versions prior to Wagtail 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3. These vulnerabilities stem from the lack of permission checks on preview endpoints, which could allow unauthorized access to any...

5.1CVSS6AI score0.00343EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:0 a.m.5 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.3CVSS5.9AI score0.00407EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/23 12:0 a.m.8 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

5.9AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 7:16 p.m.3 views

CVE-2021-47841

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

6.1CVSS0.00378EPSS
Exploits0References4
OSV
OSV
added 2026/01/16 7:16 p.m.3 views

CVE-2021-47841

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References4
Rows per page
Query Builder