EUVD-2026-14152
GHSA-x8rg-w4fm-9p2g
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3Description
The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page handlers for saving, adding, and deleting snippets. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Analysis
The Post Snippits WordPress plugin for all versions up to and including 1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability due to missing nonce validation on settings page handlers that manage snippet creation, modification, and deletion. Unauthenticated attackers can exploit this by crafting malicious requests that, when clicked by an administrator, allow injection of arbitrary scripts and modification of plugin settings, potentially leading to site compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running for WordPress is vulnerable to Cross-Site Request Forgery in and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today