Code Snippets WordPress plugin Vulnerability Patched


A high-severity flaw in the Code Snippets WordPress plugin leaves over 200,000 websites open to takeover. Code Snippets allows users to run small chunks of PHP code on their websites, which can be used to extend a site's functionality. The flaw (CVE-2020-8417) has been patched by the plugin’s developer, Code Snippets Pro.

Code Snippets offers an import menu for importing code onto the website. Researchers found that the import menu was missing a referrer check, the check that lets a page verify where a request originated. That means malicious code could be enabled with an import. This opens affected websites up to cross-site request forgery (CSRF), an attack that forces a victim to execute unwanted actions on web applications in which they're currently authenticated.
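The kind of origin check the import menu lacked, modeled in Python as an added example (this is not the plugin's code, which is PHP, and it does not reproduce the actual patch). The site origin, secret, action name and request dictionaries are constructed, and storing imported snippets as inactive is a defensive choice made for this example.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

SITE_ORIGIN = "https://blog.example"    # constructed site address
SERVER_SECRET = b"constructed-secret"   # constructed; a real site keeps this private
ACTION = "import_snippets"              # hypothetical action name


def make_nonce(session_id, action=ACTION):
    """Token bound to one admin session and one action, embedded in the import form."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def same_origin(url):
    """True only if the Origin/Referer value points at this site."""
    if not url:
        return False
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def handle_import(request, store):
    """Process an import POST; returns 'imported' or the reason it was refused."""
    session_id = request.get("session_id")
    if not session_id or not request.get("is_admin"):
        return "rejected: not an authenticated admin"
    headers = request.get("headers", {})
    if not same_origin(headers.get("Origin") or headers.get("Referer")):
        return "rejected: request did not originate from this site"
    nonce = str(request.get("form", {}).get("nonce", ""))
    if not hmac.compare_digest(nonce.encode(), make_nonce(session_id).encode()):
        return "rejected: missing or invalid nonce"
    for snippet in json.loads(request["body"]):
        # Defensive choice in this example: imported code is never stored active.
        store.append({"name": snippet["name"], "code": snippet["code"], "active": False})
    return "imported"


# Constructed requests: the forged one carries the admin's session (the browser
# attaches the cookie) but comes from another origin and has no nonce.
BODY = json.dumps([{"name": "demo", "code": "<?php /* placeholder */", "active": True}])
FORGED = {"session_id": "s1", "is_admin": True, "body": BODY,
          "headers": {"Referer": "https://other.example/page"}, "form": {}}
LEGIT = {"session_id": "s1", "is_admin": True, "body": BODY,
         "headers": {"Origin": SITE_ORIGIN}, "form": {"nonce": make_nonce("s1")}}
```

The header check alone is not sufficient because some clients omit the Referer header, which is why the session-bound nonce is verified as well.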


This is a high severity security issue that could cause complete site takeover, information disclosure, and more. The flaw was first discovered on Jan. 23; a patch was released by developers on Jan. 25. It is highly recommended that administrators update to the latest version, 2.14.0, immediately. This is only the latest WordPress plugin to face security issues.