WordPress Plugin Vulnerabilities

Code Snippets Extended <= 1.4.7 - RCE via CSRF

Description

The plugin could allow attackers to perform RCE by using a CSRF attack against a logged in admin

Affects Plugins

Plugin icon
code-snippets-extended
No known fix

References

CVE
CVE-2022-29429

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Rasi Afeef
Verified
No
WPVDB ID
2259975b-fccd-4a4a-8266-bc6eb5614050

Timeline

Publicly Published
2022-05-04 (about 4 years ago)
Added
2022-05-17 (about 3 years ago)
Last Updated
2023-02-07 (about 3 years ago)

Other

Published
Title
Published
2023-03-31
Title
Really Simple Google Tag Manager < 1.0.7 - Arbitrary Plugin Activation via CSRF
Published
2024-02-07
Title
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in enableOptimization
Published
2025-08-22
Title
Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery
Published
2025-02-24
Title
Bulk Content Creator <= 1.2.1 - Cross-Site Request Forgery
Published
2019-02-23
Title
Peters Login Redirect <= 2.9.1 - Multiple CSRF