WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites

Researchers have found another WordPress threat affecting thousands of websites: a serious vulnerability in the Code Snippets plugin. As they disclosed, the plugin's handling of code is vulnerable to cross-site request forgery (CSRF). By exploiting the bug, an attacker can gain control of the targeted websites.

This is a very serious problem that can lead to site takeover, information exposure, and more. In short, the plugin's code import feature had no CSRF protection. This allowed an attacker to forge malicious requests and inject code into the targeted site. Code imported via the plugin is "disabled" by default, however. Ideally, this would prevent any imported code from running even when a CSRF attack succeeds.

However, the researchers found that an attacker could get around this safeguard. The attacker can simply insert a "strong" flag with a value of "1" into the body of the JSON containing the code import information, and the imported code will no longer be left disabled.
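
The two safeguards discussed above, a CSRF token check on the import request and a forced "disabled" state for everything imported, can be modelled as follows. This is an added example, not the plugin's own code: it is a language-neutral Python sketch, and the field names (`snippets`, `name`, `code`, `description`, `enabled`), function names, and the sample upload are assumptions made for illustration.

```python
import hmac
import json
import secrets

# Hypothetical field names; the plugin's real import schema is not shown on the page.
ALLOWED_FIELDS = ("name", "code", "description")


def issue_token(session: dict) -> str:
    """Create a per-session anti-CSRF token to embed in the import form."""
    session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def import_snippets(session: dict, submitted_token: str, body: str) -> list:
    """Import snippets only for a request carrying the session's token.

    Every stored snippet is forced to the disabled state, so no flag in the
    uploaded JSON can switch code on at import time.
    """
    expected = session.get("csrf_token", "")
    supplied = str(submitted_token).encode()
    # Constant-time comparison; a missing or empty session token always fails.
    if not expected or not hmac.compare_digest(expected.encode(), supplied):
        raise PermissionError("missing or invalid CSRF token")

    data = json.loads(body)
    if not isinstance(data, dict) or not isinstance(data.get("snippets"), list):
        raise ValueError("malformed import file")

    stored = []
    for item in data["snippets"]:
        if not isinstance(item, dict) or not isinstance(item.get("code"), str):
            raise ValueError("malformed snippet entry")
        # Copy allowlisted fields only; anything else in the entry is dropped.
        snippet = {k: str(item[k]) for k in ALLOWED_FIELDS if k in item}
        snippet["enabled"] = False  # an administrator enables it later, after review
        stored.append(snippet)
    return stored


# Constructed sample upload carrying the extra flag described above.
SAMPLE_BODY = json.dumps(
    {"snippets": [{"name": "demo", "code": "<?php /* ... */", "strong": "1"}]}
)
```

Because the handler copies only allowlisted fields and sets the state itself, the result does not depend on knowing which flag names an uploaded file might carry.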

