The plugin does not have CSRF checks in place when creating/editing snippets, and lacks sanitisation and escaping in some fields, which could allow attackers to make a logged-in admin create/edit arbitrary snippets and place XSS payloads in them.
CPE

Name | Operator | Version |
---|---|---|
code-snippets-extended | eq | * |