VYPR

Snippet Shortcodes

by WordPress

CVEs (2)

  • CVE-2024-12018MedDec 12, 2024
    risk 0.21cvss 4.3epss 0.00

    The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for…

  • CVE-2024-4543MedJul 3, 2024
    risk 0.21cvss 4.3epss 0.00

    The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to…