CVE-2026-1785 in Code Snippets PluginИнформация

Сводка

по MITRE • 06.02.2026

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Раскрытие

06.02.2026

Модерация

принято

Вход

VDB-344627

CPE

готов

CWE

CWE-352 (Подтверждённый)

CVSS

4.3 (CNA)

EPSS

0.00013

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-1785
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-1785
CVE Details	https://www.cvedetails.com/cve/CVE-2026-1785/

◂ Предыдущий Обзор Далее ▸

Want to know what is going to be exploited?

We predict KEV entries!