215 matches found
WordPress Code Snippets Plugin < 2.14.3 XSS Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
CVE-2021-25008
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-25008
The Code Snippets WordPress plugin prior to version 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, which leads to a reflected XSS. Affected: WordPress Code Snippets plugin for WordPress (versions
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Code Snippets plugin for WordPress prior to 2.14.3,...
WordPress Code Snippets plugin <= 2.14.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Code Snippets plugin versions <= 2.14.2. Solution: Update the WordPress Code Snippets plugin to the latest available version (at least 2.14.3)...
Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
The plugin does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...
Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
The plugin does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue PoC...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90754)
Open-xchange OX App Suite is a web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90761)
Open-xchange OX App Suite is a web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90755)
Open-xchange OX App Suite is a web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...
Huan - Encrypted PE Loader Generator
Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64 bit PE files. How It Works? First, Huan...
GitHub Launches 'Copilot' — AI-Powered Code Completion Tool
GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been...
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 cross-site scripting vulnerability (CNVD-2021-17235)
MB CONNECT LINE mymbCONNECT24 is an in-house remote maintenance solution for virtual environments from MB CONNECT LINE, Germany. A cross-site scripting vulnerability exists in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24, which arises from the failure of a network...
Code Snippets Plugin for WordPress < 2.14.0 Cross-Site Request Forgery
The WordPress Code Snippets Plugin installed on the remote host is affected by a cross-site request forgery (CSRF) vulnerability that could lead to remote code execution. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
WordPress Code Snippets Plugin Cross Site Request Forgery (CVE-2020-8417)
A cross site request forgery vulnerability exists in WordPress Code Snippets plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code on the affected system...
WordPress Code Snippets Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Code Snippets. An attacker can exploit the...
200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...
Code Snippets < 2.14.0 - CSRF to RCE
This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." PoC...
WordPress Code Snippets plugin <= 2.13.3 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability
Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability found by Chloe Chamberland in WordPress Code Snippets plugin versions <= 2.13.3. Solution: Update the WordPress Code Snippets plugin to the latest available version (at least 2.14.0)...
CVE-2020-8417
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu...