cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foreasy-code-snippets easy-code-snippets

Direction: ascending
Jun 07, 2024

Easy Code Snippets # 9c520bd00fffb08cd81aff79a4b766b6b389dacd

CVE, Research URL

9c520bd00fffb08cd81aff79a4b766b6b389dacd

Home page URL

Security reports for Easy Code Snippets

Application

Easy Code Snippets

Date
Feb 28, 2022
Research Description
Easy Code Snippets [easy-code-snippets] < 1.0.1 WordPress Easy Code Snippets plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Easy Code Snippets plugin (versions <= 1.0.0).
Affected versions
max 1.0.1.
Status
vulnerable
Nov 15, 2024

Easy Code Snippets # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Home page URL

Security reports for Easy Code Snippets

Application

Easy Code Snippets

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 1.0.1.
Status
vulnerable
Dec 08, 2024

Easy Code Snippets # CVE-2024-11464

CVE, Research URL

CVE-2024-11464

Home page URL

Security reports for Easy Code Snippets

Application

Easy Code Snippets

Date
Dec 07, 2024
Research Description
The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.0.2.
Status
vulnerable
Jan 18, 2025

Easy Code Snippets # CVE-2025-23780

CVE, Research URL

CVE-2025-23780

Home page URL

Security reports for Easy Code Snippets

Application

Easy Code Snippets

Date
Jan 17, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2.
Affected versions
max 1.0.2.
Status
vulnerable