A high-severity vulnerability discovered in the Code Snippet plugin allows attackers to take over WordPress sites running version 2.13.x of the plugin or earlier. The cause of the vulnerability is a missing referrer check on the plugin’s import menu. More than 200,000 websites that use Code Snippet have been affected by this vulnerability.
What is the Code Snippet Plugin Used for?
Code Snippet is a WordPress plugin that allows users to add code to a WordPress site. It is used to customize websites without having to access the site’s code. It provides a Graphical User Interface (GUI) to manage code snippets, which is similar to WordPress’s Plugins menu. With Code Snippet, users can activate and deactivate code snippets just like a plugin.
The Code Snippet plugin is an easy and simple way to run PHP code snippets. A snippet is a small piece of PHP code that can be used to extend the functionality of a WordPress-powered website.
How Could the Code Snippet Vulnerability be Exploited?
The vulnerability was discovered by the Threat Intelligence Team at Wordfence, a firm which develops free WordPress security plugins.
The vulnerability exists in Code Snippet plugin versions before 2.14.0. These older plugin versions allow cross-site request forgery (CSRF) because the import menu lacks a referrer check. A referrer check lets the receiving page verify where a request originated before acting on it.
Although the developer had protected the plugin’s other endpoints against CSRF, the plugin’s import menu was left unprotected. CSRF is an attack that forces end users to execute unwanted actions on a web application to which they are currently authenticated.
“Without this protection, an attacker could craft a malicious request to trick an administrator into infecting their own site,” the Wordfence researchers explained. “These malicious requests could then be used by the attackers to inject malicious code to be executed on the site thus making it possible to create a new administrative account on the site, exfiltrate sensitive information, infect site users, and much more.”
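To make the missing check concrete, the following is an added example written for this article; it is not code from the Code Snippet plugin. It shows a minimal WordPress admin "import" handler first in the vulnerable shape (capability check only, nothing tying the request to the plugin's own form) and then in the protected shape using WordPress's standard nonce functions (wp_nonce_field and check_admin_referer). The function names, the action string, the option name and the admin page slug are assumptions for illustration.

```php
<?php
// Added example, not the Code Snippet plugin's own code. All names below
// (example_* functions, the 'example_import_snippet' action, the
// 'example_imported_snippet' option, the 'example-import' page slug) are
// assumptions for illustration.

// --- VULNERABLE PATTERN: what a missing referrer/nonce check looks like ---
// The only gate is the capability check. A forged request that an already
// authenticated administrator's browser submits passes that check, because
// nothing proves the request came from this plugin's own admin form.
function example_import_handler_vulnerable() {
    if ( ! isset( $_POST['snippet_code'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // State change driven directly by unverified POST data.
    update_option( 'example_imported_snippet', wp_unslash( $_POST['snippet_code'] ) );
}

// --- PROTECTED PATTERN ---
// 1. The form carries a nonce bound to a specific action and the current user.
function example_render_import_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=example-import' ) ) . '">';
    // Emits a hidden _wpnonce field for the 'example_import_snippet' action.
    // (By default it also emits _wp_http_referer, which WordPress uses for
    // redirecting back after the action, not as the security check.)
    wp_nonce_field( 'example_import_snippet', '_wpnonce' );
    echo '<textarea name="snippet_code"></textarea>';
    submit_button( 'Import' );
    echo '</form>';
}

// 2. The handler refuses any request that does not carry a valid nonce for
//    this action, before touching any state.
function example_import_handler_protected() {
    if ( ! isset( $_POST['snippet_code'] ) ) {
        return;
    }
    // check_admin_referer() verifies the nonce for the named action and
    // stops the request with wp_die() when it is missing or invalid, so a
    // request forged from another origin never reaches the code below.
    check_admin_referer( 'example_import_snippet', '_wpnonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    update_option( 'example_imported_snippet', wp_unslash( $_POST['snippet_code'] ) );
}

// Only the protected handler is wired up.
add_action( 'admin_init', 'example_import_handler_protected' );
```

The order matters: the nonce check runs first and unconditionally, the capability check second, and only then the state change. A nonce alone does not replace the capability check (it proves the request came from the site's own form, not that the user may perform the action), which is why the protected handler keeps both.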
The Fix to Code Snippet’s CSRF Vulnerability
The developer of the Code Snippet plugin was able to provide an update to fix the flaw a day after the vulnerability was discovered.
Consequently, security experts recommend updating to the latest version of Code Snippet, 2.14.0, immediately.