cleantalk
Vulnerabilities and Security Researches

Easy Code Snippets, CVE-2024-11464

CVE, Research URL

CVE-2024-11464

Home page URL

Security reports for Easy Code Snippets

Application

Easy Code Snippets

Published on
Dec 07, 2024
Research Description
The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.0.2.
Status
vulnerable
Previous vulnerability researches
Easy Code Snippets (CVE-2025-23780) , Jan 18, 2025
Easy Code Snippets (CVE-2022-4974) , Nov 15, 2024
Easy Code Snippets (CVE-2024-11464) , Dec 08, 2024
Easy Code Snippets (9c520bd00fffb08cd81aff79a4b766b6b389dacd) , Jun 07, 2024
New vulnerability
Import WP – Export and Import CSV and XML files to WordPress (CVE-2025-12137) , Nov 12, 2025
XX2WP Integration Tools (CVE-2025-11857) , Nov 12, 2025
Greenshift – animation and page builder blocks (CVE-2025-11841) , Nov 11, 2025
Range Slider AddOn for Gravity Forms (CVE-2025-49905) , Nov 11, 2025
YOP Poll (CVE-2025-62040) , Nov 11, 2025