Code Snippets Extended <= 1.4.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF in place when creating/editing snippets, as well as is lacking sanitisation and escaping in some fields, which could allow attackers to make a logged in admin create/edit arbitrary snippets and place XSS payloads in them