WordPress Plugin Vulnerabilities

Code Snippets < 2.14.4 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
code-snippets
Fixed in 2.14.4

References

CVE
CVE-2022-25617

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
BEE-K
Verified
No
WPVDB ID
864c1845-ae0e-4a21-be05-bf594840873e

Timeline

Publicly Published
2022-05-18 (about 3 years ago)
Added
2022-05-29 (about 3 years ago)
Last Updated
2023-02-22 (about 3 years ago)

Other

Published
Title
Published
2026-04-02
Title
MSTW League Manager <= 2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-20
Title
ForumEngine < 1.9 - Reflected Cross-Site Scripting
Published
2024-05-20
Title
Simple Popup Manager <= 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-05-10
Title
Propovoice CRM < 1.7.6.3 - Unauthenticated Stored Cross-Site Scripting
Published
2024-12-20
Title
WP on AWS < 5.2.2 - Reflected Cross-Site Scripting