Headline
CVE-2022-29429: WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability - Patchstack
Remote Code Execution (RCE) in Alexander Stokmann’s Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.
code-snippets-extended
Software
Code Snippets Extended
Vulnerable Versions
<= 1.4.7
Fixed in version
CVE
CVE-2022-29429
References
Credits
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Disclosure Date
2022-05-04
CVSS 3.0 score
Plugin does not exist, is not supported or discontinued.
Details
A Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE) was discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Code Snippets Extended plugin (versions <= 1.4.7).
Solution
No patched version is available. No reply from the vendor.