PT-2026-6692 · WordPress · Code Snippets+1
Type5Afe
·
Publicado
2026-02-06
·
Atualizado
2026-02-06
·
CVE-2026-1785
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Code Snippets plugin for WordPress versions up to and including 3.9.4
Description
The Code Snippets plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation on the cloud snippet download and update actions within the
Cloud Search List Table class. This allows unauthenticated attackers to compel logged-in administrators to download or update cloud snippets without their knowledge, provided they can lure an administrator to a malicious webpage.Recommendations
Update the Code Snippets plugin to a version later than 3.9.4.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Code Snippets
Wordpress