Fast. Reliable. Secure.
Discover reliable hosting solutions for your website.
Contact us: 03300 885 250
Email: sales@clook.net
Elevate your website's performance with our managed servers.
Contact us: 03300 885 250
Email: sales@clook.net
Yesterday, 30th January it was announced that a Code Snippets Vulnerability had been discovered. Code Snippets is a plugin for WordPress that currently has over 200,000 installs and is one that has previously been mentioned on this blog (Five Essential Plugins for WooCommerce).
It has been found that a high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin.
The plugin allows users to execute code without adding custom snippets to their theme’s functions.php file.
Earlier in the week Wordfence released the following statement:
“On January 23rd, our Threat Intelligence team discovered a vulnerability in Code Snippets, a WordPress plugin installed on over 200,000 sites. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability. We privately disclosed the full details to the plugin’s developer on January 24th, who was quick to respond and released a patch one day later.”
This is very simple. Navigate to your WordPress plugin section and update the plugin to the newest version – 2.14.0.
Insecurities similar to this are found often. As such we recommend all users to keep on top of updates manually or by activating automatic updates.
Providing the best web hosting and customer service since 2002.
Clook Internet
Strawberry Fields
Digital Hub
Euxton Ln, Chorley, Lancashire
PR7 1PQ
2023 sub6 Limited
Web Hosting
Domain Names
Email Hosting
Clook Internet is a trading style of Sub 6 Limited. Registered in England and Wales Registration No 4439133 | VAT Registration No 844 7894 73
