Developers behind WordPress plugin Code Snippets have issued a patch for the high-severity flaw.
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover.
The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin). The flaw (CVE-2020-8417) has been patched by the plugin’s developer, Code Snippets Pro.
“This is a high severity security issue that could cause complete site takeover, information disclosure, and more,” said Chloe Chamberland with Wordfence, who discovered the flaw, in an analysis this week. “We highly recommend updating to the latest version (2.14.0) immediately.”
For More Details :
https://threatpost.com/200k-wordpress-sites-vulnerable-to-plugin-flaw/152415/
