CVE-2026-2723

Name of the Vulnerable Software and Affected Versions Post Snippits versions prior to 1.1

Description The Post Snippits plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation on the settings page handlers for saving, adding, and deleting snippets. An unauthenticated attacker could potentially modify plugin settings and inject malicious scripts by tricking a site administrator into performing an action, such as clicking a link. The attack requires the administrator to perform an action.

Recommendations Update Post Snippits to version 1.1 or later.