CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47666 – WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47666
06 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Code Snippets Pro Code Snippets. Este problema afecta a Code Snippets: desde n/a hasta 3.5.0. The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.5.0. This is due to missing or incorrect nonce validation on the load function. • https://patchstack.com/database/vulnerability/code-snippets/wordpress-code-snippets-plugin-3-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23645 – WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-23645
18 Jan 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en MainWP MainWP Code Snippets Extension permite la inyección de código. Este problema afecta a MainWP Code Snippets Extension: desde n/a hasta 4.0.2. The MainWP Code Snippets Extension for WordPress is vulnerable to ... • https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23655 – MainWP Code Snippets Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change
https://notcve.org/view.php?id=CVE-2023-23655
17 Jan 2023 — The MainWP Code Snippets Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.0.2 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the plugin's settings. • CWE-862: Missing Authorization •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29435 – WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-29435
17 May 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin Code Snippets Extended de Alexander Stokmann versiones anteriores a 1.4.7 incluyéndola, en WordPress, permite a un atacante eliminar o habilitar/deshabilitar snippets • https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29436 – WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-29436
17 May 2022 — Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). Una vulnerabilidad persistente de tipo Cross-Site Scripting (XSS) en el plugin Code Snippets Extended de Alexander Stokmann versiones anteriores a 1.4.7 incluyéndola, en WordPress, por medio de un ataque de tipo Cross-Site Request Forgery (parámetros vulnerables &title, &snippet_code) • https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-vulnerability-leading-to-persistent-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29429 – WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2022-29429
04 May 2022 — Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. Una Ejecución de Código Remota (RCE) en el plugin Code Snippets Extended de Alexander Stokmann versiones anteriores a 1.4.7 incluyéndola, en WordPress, por medio de un ataque de tipo Cross-Site Request Forgery • https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-leading-to-remote-code-execution-rce-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •