cleantalk
Vulnerabilities and Security Researches

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager, CVE-2023-1624

CVE, Research URL

CVE-2023-1624

Home page URL

Security reports for WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

Application

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

Published on
Apr 25, 2023
Research Description
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders
Affected versions
max 2.0.9.
Status
vulnerable
Previous vulnerability researches
Insert Headers and Footers Code – HT Script (CVE-2025-2779) , Apr 03, 2025
Insert Headers and Footers Code – HT Script (CVE-2025-12112) , Nov 11, 2025
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager (CVE-2023-0328) , Jun 06, 2024
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager (CVE-2023-1624) , Jun 06, 2024
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager (CVE-2023-3524) , Jun 06, 2024
New vulnerability
WP Search Analytics (CVE-2026-27357) , May 28, 2026
Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration (CVE-2026-24582) , May 28, 2026
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2026-42730) , May 28, 2026
cformsII (CVE-2026-39436) , May 28, 2026
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP (CVE-2026-24937) , May 28, 2026