Vulnerabilities and security researches forcode-snippets-cpt code-snippets-cpt

Mar 08, 2025

CVE, Research URL: CVE-2024-13895
Home page URL: Security reports for Code Snippets CPT
Application: Code Snippets CPT
Date: Mar 08, 2025
Research Description: The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions: max 2.1.0.
Status: vulnerable