4 matches found
CVE-2026-1785
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2026-1785
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
EUVD-2026-5650
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...
CVE-2024-12263 Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clouddelete and cloudupdate functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with...