PT-2026-6692 · WordPress · Code Snippets+1
Type5Afe
·
Published
2026-02-06
·
Updated
2026-02-06
·
CVE-2026-1785
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Code Snippets plugin for WordPress versions up to and including 3.9.4
Description
The Code Snippets plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation on the cloud snippet download and update actions within the
Cloud Search List Table class. This allows unauthenticated attackers to compel logged-in administrators to download or update cloud snippets without their knowledge, provided they can lure an administrator to a malicious webpage.Recommendations
Update the Code Snippets plugin to a version later than 3.9.4.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Code Snippets
Wordpress