CVE-2020-8417: From CSRF to RCE and WordPress-site takeover

A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Code Snippets Vulnerability? The National Vulnerability Database(NVD) describes CVE-2020–8417 as, The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. I will explain this in 3 simple steps: The plugin allowed users to add snippets of PHP code to extend the functionality of a WordPress-powered website, without adding custom snippets to their theme’s functions.php file. Code Snippets offers an import menu for importing code onto[…]