The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/d1ebd15a-72ab-4ba2-a212-7e2eea0b0fb0 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/d1ebd15a-72ab-4ba2-a212-7e2eea0b0fb0 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/d1ebd15a-72ab-4ba2-a212-7e2eea0b0fb0 - Exploit, Third Party Advisory |
08 Mar 2022, 16:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/d1ebd15a-72ab-4ba2-a212-7e2eea0b0fb0 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 9.6 |
CPE | cpe:2.3:a:postsnippets:post_snippets:*:*:*:*:*:wordpress:*:* |
28 Feb 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-28 09:15
Updated : 2024-11-21 05:54
NVD link : CVE-2021-25010
Mitre link : CVE-2021-25010
CVE.ORG link : CVE-2021-25010
JSON object : View
Products Affected
postsnippets
- post_snippets
CWE
CWE-352
Cross-Site Request Forgery (CSRF)