Main Vulnerability Database Vulnerabilities #VU24724

#VU24724 Cross-site request forgery in Code Snippets - CVE-2020-8417

Published: January 29, 2020 / Updated: February 21, 2021

Vulnerability identifier: #VU24724

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-8417

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Code Snippets

Software vendor:
Shea Bunge

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin on the import menu. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, leading to remote code execution.

Remediation

Install update from vendor's website.

External links

https://wordpress.org/plugins/code-snippets/#developers
https://wpvulndb.com/vulnerabilities/10050/
https://www.wordfence.com/blog/2020/01/high-severity-csrf-to-rce-vulnerability-patched-in-code-snippets-plugin/

#VU24724 Cross-site request forgery in Code Snippets - CVE-2020-8417

Description

Remediation

External links

Please verify you're human