cleantalk
Vulnerabilities and Security Researches

Post Snippets – Custom WordPress Code Snippets Customizer, CVE-2021-25010

CVE, Research URL

CVE-2021-25010

Home page URL

Security reports for Post Snippets – Custom WordPress Code Snippets Customizer

Application

Post Snippets – Custom WordPress Code Snippets Customizer

Published on
Feb 28, 2022
Research Description
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues
Affected versions
max 3.0.6.
Status
vulnerable
Previous vulnerability researches
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2025-63040) , Jan 10, 2026
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2022-4974) , Nov 15, 2024
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2026-7430) , May 31, 2026
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2026-25001) , Mar 31, 2026
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2021-25010) , Jun 07, 2024
New vulnerability
StatCounter – Free Real Time Visitor Stats (CVE-2026-6275) , May 31, 2026
Post Snippets – Custom WordPress Code Snippets Customizer (CVE-2026-7430) , May 31, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2026-8995) , May 31, 2026
Login with phone number (CVE-2026-3655) , May 31, 2026
Spectra – WordPress Gutenberg Blocks (CVE-2026-7465) , May 31, 2026