215 matches found
CVE-2022-29436
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters , code...
WordPress plugin Code Snippets Extended cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Code...
Code Snippets Extended <= 1.4.7 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF checks in place when creating/editing snippets, and also lacks sanitisation and escaping in some fields, which could allow attackers to make a logged-in admin create/edit arbitrary snippets and place XSS payloads in them...
WordPress plugin Code Snippets Extended cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended has a cross-site scripting vulnerability, and no details of the...
WordPress plugin Code Snippets Extended cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended is vulnerable to cross-site request forgery, which can be exploited by...
WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by BEE-K Patchstack in WordPress Code Snippets Extended plugin versions <= 1.4.7. Solution: Deactivate and delete. No patched version is available. No reply from the vendor...
PT-2022-19602 · WordPress · Code Snippets Extended
Name of the Vulnerable Software and Affected Versions: Code Snippets Extended plugin versions 1.4.7 and earlier. Description: The issue concerns a Remote Code Execution (RCE) in the Code Snippets Extended plugin for WordPress, which can be exploited via Cross-Site Request Forgery. Recommendations: F...
CVE-2022-29429
Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery...
WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability
Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Code Snippets Extended plugin versions <= 1.4.7. Solution: No patched version is available. No reply from the vendor...
Code Snippets Extended <= 1.4.7 - RCE via CSRF
The plugin could allow attackers to perform RCE by using a CSRF attack against a logged in admin...
Use .call instead of .transfer for increased security
Lines of code. Vulnerability details. Impact: The issue highlighted here will reduce gas costs and avoid hacks. Proof of Concept: The .transfer function at the following places can be replaced with .call as the former has a hard dependency on gas costs as it forwards a fixed amount of gas: 2300. For...
WordPress Post Snippets plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions of the WordPress Post Snippets plugin prior to 3.1.4, which stems fro...
WordPress Easy Code Snippets plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Easy Code Snippets plugin versions <= 1.0.0. Solution: Update the WordPress Easy Code Snippets plugin to the latest available version (at least 1.0.1)...
WordPress Easy Code Snippets plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Easy Code Snippets plugin versions <= 1.0.0. Solution: Update the WordPress Easy Code Snippets plugin to the latest available version (at least 1.0.1)...
CVE-2022-24664
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...
CVE-2022-24665
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts...
CVE-2022-24665 Remote Code Execution by Contributor+ users via WordPress gutenberg block
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts...
CVE-2022-24664
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. Recent assessments: Assessed Attacker Value: 0...
CVE-2022-24663
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. Recent assessments: Assessed Attacker Value: 0...
WordPress Code Snippets plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Code Snippets plugin for WordPress prior to 2.14.3,...