VYPR

Post Snippets

by WordPress

Source repositories

CVEs (5)

  • CVE-2021-25010CriFeb 28, 2022
    risk 0.62cvss 9.6epss 0.01

    The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting…

  • CVE-2026-2723MedMar 21, 2026
    risk 0.40cvss 6.1epss 0.00

    The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page handlers for saving, adding, and deleting snippets. This makes it possible for…

  • CVE-2023-25459MedAug 8, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions.

  • CVE-2026-7430MedMay 29, 2026
    risk 0.29cvss 4.4epss 0.00

    The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the…

  • CVE-2025-63040MedDec 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11.