Skip to main content

Post Snippets

3 CVEs product

Monthly

CVE-2026-56049 HIGH This Week

Remote code execution in the Post Snippets WordPress plugin (versions 4.0.19 and earlier) lets an authenticated user with only Contributor-level privileges inject and execute arbitrary PHP/code on the server via the plugin's snippet-handling functionality (CWE-94). Because a low-privilege role can pivot to full server compromise with a scope change (S:C), this is a privilege-escalation-to-RCE flaw reported by Patchstack; no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Code Injection RCE Post Snippets
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-25001 HIGH This Week

The Post Snippets WordPress plugin versions up to and including 4.0.12 contain an improper code generation vulnerability (CWE-94) that enables remote code injection and execution. An attacker can exploit this flaw to execute arbitrary code on affected WordPress installations, potentially leading to complete site compromise. The vulnerability has been publicly documented by Patchstack with available references, and the attack vector appears to be network-based without requiring high privileges.

RCE Code Injection Post Snippets
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2023-25459 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Snippets
NVD
CVSS 3.1
4.8
EPSS
0.4%
EPSS 0% CVSS 8.5
HIGH This Week

Remote code execution in the Post Snippets WordPress plugin (versions 4.0.19 and earlier) lets an authenticated user with only Contributor-level privileges inject and execute arbitrary PHP/code on the server via the plugin's snippet-handling functionality (CWE-94). Because a low-privilege role can pivot to full server compromise with a scope change (S:C), this is a privilege-escalation-to-RCE flaw reported by Patchstack; no public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Code Injection RCE Post Snippets
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The Post Snippets WordPress plugin versions up to and including 4.0.12 contain an improper code generation vulnerability (CWE-94) that enables remote code injection and execution. An attacker can exploit this flaw to execute arbitrary code on affected WordPress installations, potentially leading to complete site compromise. The vulnerability has been publicly documented by Patchstack with available references, and the attack vector appears to be network-based without requiring high privileges.

RCE Code Injection Post Snippets
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Snippets
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy