WordPress Plugin Vulnerabilities

Code Snippets Extended <= 1.4.7 - Arbitrary Snippet Deletion/Disabling via CSRF

Description

The plugin does not have CSRF in place when deleting or disabling snippets, which could allow attackers to make a logged in admin delete them

Affects Plugins

Plugin icon
code-snippets-extended
No known fix

References

CVE
CVE-2022-29435

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
BEE-K
Verified
No
WPVDB ID
a0a8a3cc-ad93-4e00-b2fc-5bc3568d1381

Timeline

Publicly Published
2022-05-17 (about 3 years ago)
Added
2022-05-18 (about 3 years ago)
Last Updated
2023-02-07 (about 3 years ago)

Other

Published
Title
Published
2023-02-28
Title
WP TFeed <= 1.6.9 - Delete cache via CSRF
Published
2024-01-31
Title
Accessibility < 1.0.7 - Cross-Site Request Forgery
Published
2023-10-22
Title
Wp Ultimate Review < 2.3.1 - Settings Update via CSRF
Published
2022-05-31
Title
OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF
Published
2025-08-22
Title
Tutor LMS < 1.20 - Settings Update via CSRF