CVE-2022-29436

Description

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Affected products

Alexander Stokmann / Code Snippets Extended (WordPress plugin)<= 1.4.7 – 1.4.7

References

MISChttps://wordpress.org/plugins/code-snippets-extended/#developers
MISChttps://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-vulnerability-leading-to-persistent-cross-site-scripting-xss