Plugin Vulnerability Notification – Post Snippets Plugin

  • Resolved ccbackus

    (@ccbackus)


    3 months, 1 week ago

    I received the following notice from WP Engine regarding this plugin. Do you intend to update it?


    WP Engine summary of the vulnerability: This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.

    This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

    Resources providing further information on this vulnerability:

    https://patchstack.com/database/vulnerability/post-snippets/wordpress-post-snippets-plugin-4-0-11-cross-site-request-forgery-csrf-vulnerability?_a_id=473

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support muddasirhayat

    (@muddasirhayat)

    3 months, 1 week ago

    HI @ccbackus,

    Thanks for bringing this to our attention.

    Our team is currently reviewing the reported vulnerability with the Post Snippets plugin and assessing the impact. We’re actively looking into next steps and will provide an update as soon as we have more information.

    We appreciate your patience in the meantime.

    Thanks & regards,
    WPExperts Support Team

    Plugin Support muddasirhayat

    (@muddasirhayat)

    3 months ago

    Hi @ccbackus,

    Thank you for your patience and for bringing this to our attention.

    We’ve released an updated version of the Post Snippets plugin that includes fixes addressing the reported security issue. Please update the plugin to the latest version on your site and let us know if you experience any further problems.

    If you have any questions or need assistance after updating, feel free to reply here.

    Thank you

    Thread Starter ccbackus

    (@ccbackus)

    3 months ago

    Thank you. I checked and confirmed that the auto update process has already updated the plugin to the latest version. I appreciate your work.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.