WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites

WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites




WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites


Researchers have found another WordPress threat to thousands of websites. In fact, they are a powerful vulnerability in the Code Snippets plugin. The Vulnerability Code Wordpress was recently discovered when a major vulnerability was found in WordPress. As they reveal their identities, CSRF is vulnerable to code concealment. By using a bug a hacker can gain control of the target websites. 

WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites

This is a very serious problem that leads to site capture, display, and more. In short, CSRF does not protect the Code Import feature. This allowed the attacker to attack malicious applications and code on the landing page. Even code imported via the plugin is "disabled" by default. Ideally, this would prevent any code from being deployed when offering a CSRF. 

WordPress “Code Snippets” Plugin Vulnerability Risked More Than 200K Websites

However, the researchers found that the enemy could avoid this situation. The attacker can simply insert a "strong" flag with a value of "1" into the body of the JSON containing the code import information, and the code will be included in the import.


Post a Comment

We’re eager to see your comment. However, Please Keep in mind that all comments are moderated manually by our human reviewers according to our comment policy, and all the links are nofollow. Using Keywords in the name field area is forbidden. Let’s enjoy a personal and evocative conversation.

أحدث أقدم