Post Snippets <= 4.0.19 Stored XSS via Import (CVE-2026-7430)

漏洞概述 漏洞名称: Post Snippets <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import CVE ID: CVE-2026-7430 CVSS评分: 4.4 (Medium) 发布日期: May 28, 2026 最后更新日期: May 29, 2026 研究人员: x1abxids 影响范围 软件类型: Plugin 软件名称: Post Snippets – Custom WordPress Code Snippets Customizer 受影响版本: <= 4.0.19 修复版本: 4.1.1 修复方案 修复方法: 更新到版本 4.1.1 或更新的补丁版本 漏洞描述 Post Snippets 插件在导入包含 JavaScript 变量的代码片段时，由于未正确转义双引号，导致存储型跨站脚本攻击（Stored Cross-Site Scripting）。攻击者可以通过导入恶意代码片段，在管理员访问帖子编辑器页面时执行任意 JavaScript 代码。 参考链接 plugins.trac.wordpress.org 其他信息 免责声明: 该页面内容受版权保护，未经许可不得复制、分发或修改。 联系方式: 如有错误或需要更多信息，请联系 support@wordfence.com。 近期漏洞 Post Snippets – Custom WordPress Code Snippets Customizer <= 4.0.12 - Authenticated (Contributor+) Remote Code Execution - CVE ID: CVE-2025-25001 - CVSS评分: 8.8 - 研究人员: Doan Dinh Van (BenVan53) - 发布日期: March 16, 2026 Post Snippets <= 4.0.11 - Cross-Site Request Forgery - CVE ID: CVE-2025-63040 - CVSS评分: 4.3 - 研究人员: Nabil Irwan - 发布日期: December 31, 2025 Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get - CVE ID: CVE-2023-33999 - CVSS评分: 6.1 - 研究人员: Rafie Muhammad - 发布日期: July 18, 2023 Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content' - CVE ID: CVE-2023-25459 - CVSS评分: 4.4 - 研究人员: Abdi Pranata - 发布日期: May 9, 2023 Freemius SDK <= 2.4.2 - Missing Authorization Checks - CVE ID: CVE-2022-4974 - CVSS评分: 6.3 - 研究人员: Muhammad Adel - 发布日期: March 4, 2022 Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting - CVE ID: CVE-2021-25010 - CVSS评分: 9.6 - 研究人员: Muhammad Adel - 发布日期: January 31, 2022 Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update - CVE ID: CVE-2021-25010 - CVSS评分: 8.8 - 研究人员: Muhammad Adel - 发布日期: February 25, 2019 其他信息 免责声明: 该页面内容受版权保护，未经许可不得复制、分发或修改。 联系方式: 如有错误或需要更多信息，请联系 support@wordfence.com。 近期漏洞 Post Snippets – Custom WordPress Code Snippets Customizer <= 4.0.12 - Authenticated (Contributor+) Remote Code Execution - CVE ID: CVE-2025-25001 - CVSS评分: 8.8 - 研究人员: Doan Dinh Van (BenVan53) - 发布日期: March 16, 2026 Post Snippets <= 4.0.11 - Cross-Site Request Forgery - CVE ID: CVE-2025-63040 - CVSS评分: 4.3 - 研究人员: Nabil Irwan - 发布日期: December 31, 2025 Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get - CVE ID: CVE-2023-33999 - CVSS评分: 6.1 - 研究人员: Rafie Muhammad - 发布日期: July 18, 2023 Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content' - CVE ID: CVE-2023-25459 - CVSS评分: 4.4 - 研究人员: Abdi Pranata - 发布日期: May 9, 2023 Freemius SDK <= 2.4.2 - Missing Authorization Checks - CVE ID: CVE-2022-4974 - CVSS评分: 6.3 - 研究人员: Muhammad Adel - 发布日期: March 4, 2022 Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting - CVE ID: CVE-2021-25010 - CVSS评分: 9.6 - 研究人员: Muhammad Adel - 发布日期: January 31, 2022 Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update - CVE ID: CVE-2021-25010 - CVSS评分: 8.8 - 研究人员: Muhammad Adel - 发布日期: February 25, 2019 其他信息 免责声明: 该页面内容受版权保护，未经许可不得复制、分发或修改。 联系方式: 如有错误或需要更多信息，请联系 support@wordfence.com。 近期漏洞 Post Snippets – Custom WordPress Code Snippets Customizer <= 4.0.12 - Authenticated (Contributor+) Remote Code Execution - CVE ID: CVE-2025-25001 - CVSS评分: 8.8 - 研究人员: Doan Dinh Van (BenVan53) - 发布日期: March 16, 2026 Post Snippets <= 4.0.11 - Cross-Site Request Forgery - CVE ID: CVE-2025-63040 - CVSS评分: 4.3 - 研究人员: Nabil Irwan - 发布日期: December 31, 2025 Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get - CVE ID: CVE-2023-33999 - CVSS评分: 6.1 - 研究人员: Rafie Muhammad - 发布日期: July 18, 2023 Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content' - CVE ID: CVE-2023-25459 - CVSS评分: 4.4 - 研究人员: Abdi Pranata - 发布日期: May 9, 2023 Freemius SDK <= 2.4.2 - Missing Authorization Checks - CVE ID: CVE-2022-4974 - CVSS评分: 6.3 - 研究人员: Muhammad Adel - 发布日期: March 4, 2022 Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting - CVE ID: CVE-2021-25010 - CVSS评分: 9.6 - 研究人员: Muhammad Adel - 发布日期: January 31, 2022 Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update - CVE ID: CVE-2021-25010 - CVSS评分: 8.8 - 研究人员: Muhammad Adel - 发布日期: February 25, 2019 其他信息 免责声明: 该页面内容受版权保护，未经许可不得复制、分发或修改。 联系方式: 如有错误或需要更多信息，请联系 support@wordfence.com。 近期漏洞 Post Snippets – Custom WordPress Code Snippets Customizer <= 4.0.12 - Authenticated (Contributor+) Remote Code Execution - CVE ID: CVE-2025-25001 - CVSS评分: 8.8 - 研究人员: Doan Dinh Van (BenVan53) - 发布日期: March 16, 2026 Post Snippets <= 4.0.11 - Cross-Site Request Forgery - CVE ID: CVE-2025-63040 - CVSS评分: 4.3 - 研究人员: Nabil Irwan - 发布日期: December 31, 2025 Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get - CVE ID: CVE-2023-33999 - CVSS评分: 6.1 - 研究人员: Rafie Muhammad - 发布日期: July 18, 2023 Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content' - CVE ID: CV

目標達成すべての支援者に感謝 — 100%達成しました！

Post Snippets <= 4.0.19 Stored XSS via Import (CVE-2026-7430)

このソースからの他の記事

目標達成 すべての支援者に感謝 — 100%達成しました！

Post Snippets <= 4.0.19 Stored XSS via Import (CVE-2026-7430)

このソースからの他の記事

目標達成すべての支援者に感謝 — 100%達成しました！