CVE-2020-8417

High

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

mitre·CWE-352·Published 2020-01-28

CVSS

8.8

EPSS

0.10

KEV

Exploits

cve.orgen

123 chars

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

NVDen

123 chars

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

El complemento Code Snippets versiones anteriores a 2.14.0 para WordPress, permite un ataque de tipo CSRF debido a la falta de una comprobación de Referer en el menú de importación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.0	Primary	cve.org	8.8	—	—	CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
3.0	Primary	cve.org	8.8	—	—	CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R
3.0	Secondary	NVD	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H