VYPR

Code Snippets

by WordPress

CVEs (7)

  • CVE-2025-13035 | High | Nov 19, 2025
    risk 0.52 | cvss 8.0 | epss 0.00

    The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract() on attacker-controlled shortcode attributes within the `evaluate_shortcode_from_flat_file` method, which can be…

  • CVE-2026-1785 | Medium | Feb 6, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible…

  • CVE-2023-47666 | Medium | Nov 18, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0.

  • CVE-2020-8417 | Jan 28, 2020
    risk 0.04 | cvss - | epss 0.12

    The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

  • CVE-2024-13895 | Mar 8, 2025
    risk 0.00 | cvss - | epss 0.00

    The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This…

  • CVE-2022-25617 | May 18, 2022
    risk 0.00 | cvss - | epss 0.01

    Reflected Cross-Site Scripting (XSS) vulnerability in the Code Snippets plugin <= 2.14.3 for WordPress via the vulnerable &orderby parameter.

  • CVE-2021-25008 | Jan 24, 2022
    risk 0.00 | cvss - | epss 0.02

    The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue.