CVSSv2: 6.8

CVE-2020-8417

Published: 28/01/2020 Updated: 06/02/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Code Snippets plugin prior to 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

Recent Articles

200K WordPress Sites Vulnerable to Plugin Flaw
Threatpost • Lindsey O'Donnell • 30 Jan 2020

A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover.
The WordPress plugin in question is Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin). The flaw (CVE-2020-8417) has been patched by the plugin’s developer, Code Snippets Pro.
“This is a high severity security issue that could cause...

200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug
BleepingComputer • Sergiu Gatlan • 29 Jan 2020

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu.
According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites.
This open-source plugin makes it possible for users to run PHP code snippets on their WordPress sites and it also p...