WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites
WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites
Researchers have found another WordPress threat to thousands of websites. In fact, they are a powerful vulnerability in the Code Snippets plugin. The Vulnerability Code Wordpress was recently discovered when a major vulnerability was found in WordPress. As they reveal their identities, CSRF is vulnerable to code concealment. By using a bug a hacker can gain control of the target websites.
This is a very serious problem that leads to site capture, display, and more. In short, CSRF does not protect the Code Import feature. This allowed the attacker to attack malicious applications and code on the landing page. Even code imported via the plugin is "disabled" by default. Ideally, this would prevent any code from being deployed when offering a CSRF.
However, the researchers found that the enemy could avoid this situation. The attacker can simply insert a "strong" flag with a value of "1" into the body of the JSON containing the code import information, and the code will be included in the import.
Post a Comment