CVE-2021-25010

Name of the Vulnerable Software and Affected Versions Post Snippets WordPress plugin versions prior to 3.1.4

Description The issue allows an attacker to make a logged-in admin import arbitrary snippets due to the lack of a CSRF check when importing files. Additionally, the imported snippets are not sanitized and escaped, which could lead to Stored Cross-Site Scripting issues.

Recommendations For Post Snippets WordPress plugin versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the file import functionality to minimize the risk of exploitation.