Vulnerabilities and security researches forinsert-php-code-snippet insert-php-code-snippet

Jun 06, 2024

CVE, Research URL: CVE-2024-0658
Home page URL: Security reports for Insert PHP Code Snippet
Application: Insert PHP Code Snippet
Date: Feb 29, 2024
Research Description: The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Aug 16, 2024

CVE, Research URL: CVE-2024-7420
Home page URL: Security reports for Insert PHP Code Snippet
Application: Insert PHP Code Snippet
Date: Aug 15, 2024
Research Description: The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2024-43275
Home page URL: Security reports for Insert PHP Code Snippet
Application: Insert PHP Code Snippet
Date: Aug 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in xyzscripts.Com Insert PHP Code Snippet.This issue affects Insert PHP Code Snippet: from n/a through 1.3.6.
Affected versions: Min -, max -.
Status: vulnerable