CVE-2022-29429
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code on WordPress sites running the Code Snippets Extended plugin version 1.4.7 or earlier. Attackers can exploit a Cross-Site Request Forgery (CSRF) flaw to trick authenticated administrators into performing actions that lead to remote code execution. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WordPress Code Snippets Extended plugin
📦 What is this software?
Code Snippets Extended by Code Snippets Extended Project
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the WordPress site with attacker gaining full control, installing backdoors, stealing data, defacing the site, or using it as a foothold for lateral movement.
Likely Case
Attackers inject malicious code snippets that create backdoors, redirect visitors to malicious sites, or install cryptocurrency miners.
If Mitigated
With proper CSRF protections and input validation, the attack would be blocked before reaching the vulnerable code.
🎯 Exploit Status
Exploitation requires tricking an authenticated administrator into clicking a malicious link or visiting a compromised page. The CSRF flaw lets the forged request ride on the administrator's existing authenticated session, so the normal login checks do not stop it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.8 or later
Vendor Advisory: https://wordpress.org/plugins/code-snippets-extended/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Code Snippets Extended' and click 'Update Now'.
4. Alternatively, download version 1.4.8+ from WordPress.org and manually replace the plugin files.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the vulnerable plugin until patching is possible:
wp plugin deactivate code-snippets-extended
Implement CSRF protection
Add WordPress nonce verification to plugin files if custom patching is possible.
Manual code modification required - add wp_verify_nonce() checks.
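The "add wp_verify_nonce() checks" workaround above, shown as an added illustrative example (this is not the Code Snippets Extended plugin's own code, and the function names, the `cse_` prefix, the `admin_post_cse_save_snippet` action and the option name are assumptions). The first handler shows the pattern the advisory describes: a save action that trusts any request arriving with an administrator's session cookie. The second adds the two checks WordPress provides, a capability check and a nonce check, together with the form that issues the nonce:

```php
<?php
// Added example, not code from the Code Snippets Extended plugin.
// All names below (cse_*, 'cse_save_snippet', 'cse_nonce') are assumptions.

// BEFORE (the vulnerable pattern): the browser attaches the admin's
// session cookie to any request, including one a third-party page
// submits, so the snippet is saved (and later executed by the plugin)
// without the administrator ever intending it.
function cse_save_snippet_vulnerable() {
    if ( isset( $_POST['cse_code'] ) ) {
        update_option( 'cse_snippet', wp_unslash( $_POST['cse_code'] ) );
    }
}

// AFTER: the same handler with the checks the workaround calls for.
function cse_save_snippet_hardened() {
    if ( ! isset( $_POST['cse_code'] ) ) {
        return;
    }
    // 1. Capability check: only users allowed to manage the site may
    //    save executable snippets. Do not rely on "is logged in" alone.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. Nonce check: the token is tied to this user and this action,
    //    and a forged cross-site form cannot know it. check_admin_referer()
    //    wraps wp_verify_nonce() and terminates the request on failure.
    check_admin_referer( 'cse_save_snippet', 'cse_nonce' );

    update_option( 'cse_snippet', wp_unslash( $_POST['cse_code'] ) );
}
add_action( 'admin_post_cse_save_snippet', 'cse_save_snippet_hardened' );

// The matching admin form. wp_nonce_field() emits the hidden 'cse_nonce'
// input that check_admin_referer() above expects; the form is only ever
// rendered to an already authenticated admin.
function cse_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="cse_save_snippet">
        <?php wp_nonce_field( 'cse_save_snippet', 'cse_nonce' ); ?>
        <textarea name="cse_code" rows="10" cols="80"></textarea>
        <?php submit_button( 'Save snippet' ); ?>
    </form>
    <?php
}
```

Both checks are needed: the nonce alone stops forged cross-site requests but would still let any logged-in user with a valid nonce save a snippet, and the capability check alone does nothing against a request forged in an administrator's browser. `check_admin_referer()` is the usual choice in admin handlers because it ends the request with a 403-style "link has expired" page on failure; use `wp_verify_nonce()` directly where the handler needs to decide the response itself.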
🧯 If You Can't Patch
- Disable the Code Snippets Extended plugin immediately
- Implement web application firewall rules to block suspicious requests to the plugin's endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Code Snippets Extended version number
Check Version:
wp plugin get code-snippets-extended --field=version
Verify Fix Applied:
Verify plugin version is 1.4.8 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin.php?page=code-snippets-extended
- Unexpected code snippet creation/modification in plugin logs
- Administrator actions from unusual IP addresses or user agents
Network Indicators:
- HTTP requests containing malicious code snippets in POST data
- Requests to plugin endpoints without proper CSRF tokens
SIEM Query:
source="wordpress.log" AND ("code-snippets-extended" OR "admin.php?page=code-snippets-extended") AND status=200
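The log indicators above ("unusual POST requests to the plugin page", "administrator actions from unusual IP addresses") applied to web-server access logs, as an added example that is not part of the advisory. It assumes a Combined Log Format with the Referer field, a site host of `example.org`, and constructed sample lines; a POST to the plugin page whose Referer is not the site itself is the signal a forged cross-site submission typically leaves, so it is flagged with a distinct reason:

```php
<?php
// Added example, not from the advisory or the plugin. The log lines are
// constructed; the site host and the endpoint path follow the advisory.

const CSE_ENDPOINT = '/wp-admin/admin.php?page=code-snippets-extended';
const SITE_HOST    = 'example.org'; // assumption: the monitored site's own host

// Parse one Combined Log Format line:
//   ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
function cse_parse_line( string $line ): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'ua'      => $m[7],
    ];
}

// Return every POST to the plugin page, tagged with why it was flagged.
function cse_flag_requests( array $lines ): array {
    $hits = [];
    foreach ( $lines as $line ) {
        $r = cse_parse_line( $line );
        if ( $r === null || $r['method'] !== 'POST' ) {
            continue;
        }
        if ( strpos( $r['path'], CSE_ENDPOINT ) !== 0 ) {
            continue; // not the plugin's admin page
        }
        $ref_host = parse_url( $r['referer'], PHP_URL_HOST );
        // A same-site Referer is what a normal admin form submission
        // produces; anything else (empty or foreign) deserves a look.
        $reason = ( $ref_host === SITE_HOST ) ? 'post-to-plugin-page' : 'cross-site-post';
        $hits[] = [
            'ip'      => $r['ip'],
            'time'    => $r['time'],
            'status'  => $r['status'],
            'referer' => $r['referer'],
            'reason'  => $reason,
        ];
    }
    return $hits;
}

// Constructed sample: a normal page view, a normal in-admin save, and a
// POST whose Referer is an unrelated external site.
$sample_log = [
    '203.0.113.5 - - [10/May/2022:10:01:02 +0000] "GET /wp-admin/admin.php?page=code-snippets-extended HTTP/1.1" 200 5120 "https://example.org/wp-admin/" "Mozilla/5.0"',
    '203.0.113.5 - - [10/May/2022:10:01:30 +0000] "POST /wp-admin/admin.php?page=code-snippets-extended HTTP/1.1" 200 512 "https://example.org/wp-admin/admin.php?page=code-snippets-extended" "Mozilla/5.0"',
    '203.0.113.5 - - [10/May/2022:10:07:45 +0000] "POST /wp-admin/admin.php?page=code-snippets-extended HTTP/1.1" 200 512 "https://external-site.invalid/page.html" "Mozilla/5.0"',
];

foreach ( cse_flag_requests( $sample_log ) as $hit ) {
    printf( "%s %s status=%d referer=%s reason=%s\n",
        $hit['time'], $hit['ip'], $hit['status'], $hit['referer'], $hit['reason'] );
}
```

Run against the sample, the script lists the two POSTs and tags the third line `cross-site-post`. Referer can be suppressed by the browser or by a referrer policy, so an empty Referer on a plugin POST is worth reviewing rather than automatically ignoring, and the `status=200` filter from the SIEM query above can be applied on the `status` field to keep only submissions the plugin accepted.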
🔗 References
- https://patchstack.com/database/vulnerability/code-snippets-extended/wordpress-code-snippets-extended-plugin-1-4-7-cross-site-request-forgery-csrf-leading-to-remote-code-execution-rce-vulnerability
- https://wordpress.org/plugins/code-snippets-extended/#developers