On January 23rd, our Threat Intelligence team discovered a vulnerability in Code Snippets, a WordPress plugin installed on over 200,000 sites. The flaw allowed attackers to forge a request on behalf of an administrator and inject code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability. We privately disclosed the full details of the issue to the plugin’s developer on January 24th, who was quick to respond and release a patch one day later.
Find out more on the blog: https://www.wordfence.com/blog/2020/0...