CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47666 – WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47666
06 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Code Snippets Pro Code Snippets. Este problema afecta a Code Snippets: desde n/a hasta 3.5.0. The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.5.0. This is due to missing or incorrect nonce validation on the load function. • https://patchstack.com/database/vulnerability/code-snippets/wordpress-code-snippets-plugin-3-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25617 – WordPress Code Snippets plugin <= 2.14.3 - Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-25617
18 May 2022 — Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en el plugin Code Snippets versiones anteriores a 2.14.3 incluyéndola, en WordPress por medio del parámetro vulnerable &orderby • https://patchstack.com/database/vulnerability/code-snippets/wordpress-code-snippets-plugin-2-14-3-authenticated-reflected-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25008 – Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25008
27 Dec 2021 — The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue El plugin Code Snippets de WordPress versiones anteriores a 2.14.3, no escapa del parámetro snippets-safe-mode antes de devolverlo en atributos, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/cb232354-f74d-48bb-b437-7bdddd1df42a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 5CVE-2020-8417 – Code Snippets <= 2.13.3 - Cross-Site Request Forgery to Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8417
28 Jan 2020 — The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. El complemento Code Snippets versiones anteriores a 2.14.0 para WordPress, permite un ataque de tipo CSRF debido a la falta de una comprobación de Referer en el menú de importación. • https://github.com/waleweewe12/CVE-2020-8417 • CWE-352: Cross-Site Request Forgery (CSRF) •