WordPress Post Snippits Plugin Allows Unauthenticated Settings Changes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.1

WordPress Post Snippits Plugin Allows Unauthenticated Settings Changes

CVE-2026-2723

Summary

The Post Snippits WordPress plugin is at risk because an attacker could trick an administrator into clicking a link, allowing them to change plugin settings and inject malicious scripts. This affects all versions up to and including 1.0. Update to a version that has fixed this issue to protect your site.

Original title

Original description

The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page handlers for saving, adding, and deleting snippets. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

nvd CVSS3.1 6.1

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026