2 matches found
CVE-2021-25010
CVE-2021-25010 affects the WordPress Post Snippets plugin prior to 3.1.4. The root cause is absence of CSRF checks when importing files, allowing a logged-in admin to import arbitrary snippets. Imported snippets are not sanitized/escaped, enabling Stored Cross-Site Scripting (XSS). Documented ref...
CVE-2023-25459
CVE-2023-25459 affects the WordPress plugin Post Snippets (Postsnippets) up to v4.0.2. It is an admin-authenticated stored XSS via the snippet_content field; patch to v4.0.3. CVSS/impact details vary by source (NVD/Wordfence/Patchstack report low-to-medium risk; documented exploitation not provid...