Discover reliable hosting solutions for your website.
Contact us: 03300 885 250
Email: sales@clook.net
Elevate your website's performance with our managed servers.
Contact us: 03300 885 250
Email: sales@clook.net
Yesterday, 30th January it was announced that a Code Snippets Vulnerability had been discovered. Code Snippets is a plugin for WordPress that currently has over 200,000 installs and is one that has previously been mentioned on this blog (Five Essential Plugins for WooCommerce).
It has been found that a high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417, in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin.
The plugin allows users to execute code without adding custom snippets to their theme’s functions.php file.
Earlier in the week Wordfence released the following statement:
“On January 23rd, our Threat Intelligence team discovered a vulnerability in Code Snippets, a WordPress plugin installed on over 200,000 sites. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability. We privately disclosed the full details to the plugin’s developer on January 24th, who was quick to respond and released a patch one day later.”
This is very simple. Navigate to your WordPress plugin section and update the plugin to the newest version – 2.14.0.
Insecurities similar to this are found often. As such we recommend all users to keep on top of updates manually or by activating automatic updates.
Clook Internet is a trading style of Sub 6 Limited. Registered in England and Wales Registration No 4439133 | VAT Registration No 844 7894 73