cleantalk
Vulnerabilities and Security Researches

Code Snippets, CVE-2026-1785

CVE, Research URL

CVE-2026-1785

Home page URL

Security reports for Code Snippets

Application

Code Snippets

Published on
Feb 06, 2026
Research Description
The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page.
Affected versions
max 3.9.5.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-2263) , Apr 13, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026