CVE-2020-8417: From CSRF to RCE and WordPress-site takeover

From CSRF to RCE and WordPress-site takeover: CVE-2020-8417

A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Code Snippets Vulnerability? The National Vulnerability …

From CSRF to RCE and WordPress-site takeover: CVE-2020-8417 Read More »