{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1785", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-02T21:18:03.515Z", "datePublished": "2026-02-06T08:25:26.266Z", "dateUpdated": "2026-04-08T16:50:43.155Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:50:43.155Z"}, "affected": [{"vendor": "codesnippetspro", "product": "Code Snippets", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.9.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page."}], "title": "Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5787f3-6a16-491a-aa01-6222f275cf0f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/class-cloud-search-list-table.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/class-cloud-search-list-table.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/list-table-shared-ops.php#L57"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/list-table-shared-ops.php#L57"}, {"url": "https://github.com/codesnippetspro/code-snippets/pull/331/changes"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "M Indra Purnama"}], "timeline": [{"time": "2026-02-02T21:33:20.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-05T19:33:02.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T17:07:35.081599Z", "id": "CVE-2026-1785", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T17:07:58.731Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1785", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T17:07:35.081599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T17:07:47.859Z"}}], "cna": {"title": "Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions", "credits": [{"lang": "en", "type": "finder", "value": "M Indra Purnama"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "codesnippetspro", "product": "Code Snippets", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.9.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-02T21:33:20.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-05T19:33:02.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5787f3-6a16-491a-aa01-6222f275cf0f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/class-cloud-search-list-table.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/class-cloud-search-list-table.php#L105"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/list-table-shared-ops.php#L57"}, {"url": "https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/list-table-shared-ops.php#L57"}, {"url": "https://github.com/codesnippetspro/code-snippets/pull/331/changes"}], "descriptions": [{"lang": "en", "value": "The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:50:43.155Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1785", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:50:43.155Z", "dateReserved": "2026-02-02T21:18:03.515Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-06T08:25:26.266Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page."}, {"lang": "es", "value": "El plugin Code Snippets para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 3.9.4, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en las acciones de descarga y actualizaci\u00f3n de fragmentos en la nube en la clase Cloud_Search_List_Table. Esto hace posible que atacantes no autenticados fuercen a administradores con sesi\u00f3n iniciada a descargar o actualizar fragmentos en la nube sin su consentimiento mediante una petici\u00f3n manipulada, siempre que puedan enga\u00f1ar a un administrador para que visite una p\u00e1gina maliciosa."}], "id": "CVE-2026-1785", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-06T09:15:49.163", "references": [{"source": "security@wordfence.com", "url": "https://github.com/codesnippetspro/code-snippets/pull/331/changes"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/class-cloud-search-list-table.php#L105"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/list-table-shared-ops.php#L57"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/class-cloud-search-list-table.php#L105"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/list-table-shared-ops.php#L57"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5787f3-6a16-491a-aa01-6222f275cf0f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T18:46:10.735575+00:00", "value": {"mitigation_remediation": ["Upgrade the Code Snippets plugin to a version newer than 3.9.4 where nonce validation has been added to cloud snippet actions", "Validate that the installed plugin version number reflects the latest release and that the Cloud_Search_List_Table class includes a nonce check for download and update actions", "If upgrading is not immediately possible, disable or remove the cloud snippet functionality from the administration interface or block the related endpoints from unauthenticated requests to mitigate the risk"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery enabling unauthenticated attackers to coerce logged\u2011in administrators into downloading or updating cloud snippets without consent"}, "threat_synthesis": {"affected_systems": "WordPress installations running the Code Snippets plugin, version 3.9.4 or earlier. The affected package is distributed by codesnippetspro and includes the Cloud_Search_List_Table component. Administrators who have the plugin enabled are vulnerable unless the plugin is updated beyond the specified version.", "description_and_impact": "The Code Snippets plugin for WordPress contains a CSRF flaw that arises from missing nonce validation in the Cloud_Search_List_Table class. An attacker can use a crafted request to trigger the download or update of cloud snippets on a target administrator\u2019s account. This allows the attacker to force the installation or replacement of code in the cloud snippet repository, potentially leading to unintended code execution or alteration of site functionality. The flaw does not provide direct code execution or privilege escalation on its own, but it undermines the integrity of the plugin\u2019s managed code base.", "risk_and_exploitability": "The CVSS score is 4.3, indicating moderate severity, and the EPSS score is below 1\u202f%, suggesting a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog and no public exploits are known. An attacker would need to craft a malicious URL or page that forces an administrator\u2019s browser to issue a request to the plugin\u2019s cloud snippet endpoint. Because the attacker does not require any administrative credentials, the primary barrier is social engineering\u2014getting the target to click a link or visit a crafted page."}}}}, "created": "2026-02-09T10:52:32.783239+00:00", "updated": "2026-04-15T19:00:12.255174+00:00", "vendors": ["codesnippets", "codesnippets$PRODUCT$code_snippets", "wordpress", "wordpress$PRODUCT$wordpress"]}