CVE-2020-8417

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

Basic Information

CVE State: PUBLISHED
Reserved Date: January 28, 2020
Published Date: January 28, 2020
Last Updated: August 04, 2024
Vendor: Code Snippets
Product: Code Snippets plugin for WordPress
Description: The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v3.0

8.8 - HIGH

Vector: CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Score

Score: 50.31% (Percentile: 97.66%) as of 2025-05-12

Exploit Status

Exploited in the Wild: Yes (2020-01-28 14:27:48 UTC) Source

References

https://wordpress.org/plugins/code-snippets/#developers https://wpvulndb.com/vulnerabilities/10050

Known Exploited Vulnerability Information

Source	Added Date
Wordfence	2020-01-28 14:27:48 UTC

Timeline

CVE ID Reserved

January 28, 2020
Added to KEVIntel

January 28, 2020
CVE Published to Public

January 28, 2020