GCVE - cpe:2.3:a:f1logic:insert_php_code_snippet:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:f1logic:insert_php_code_snippet:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	F1Logic (`687f64d9-33a9-5c64-be32-7bcd3d011056`)
Product	Insert Php Code Snippet (`815723d9-f2ca-5567-9e2d-aabc04d0c2c3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/insert-php-code-snippet`	purl2cpe	2026-06-01 10:14:55.120101
`pkg:github/wpplugins/insert-php-code-snippet`	purl2cpe	2026-06-01 10:14:55.120106

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-64356`	vulnerable	2026-06-08 07:39:18.420430	WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through <= 1.4.3. Published: 2025-10-31T11:42:26.908Z Updated: 2026-04-28T18:30:41.150Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/insert-php-code-snippet/vulnerability/wordpress-insert-php-code-snippet-plugin-1-4-3-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-7420`	vulnerable	2026-06-08 06:58:22.148269	Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion MEDIUM (5.8) The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-43275 appears to be a duplicate of this issue. Published: 2024-08-15T02:30:35.992Z Updated: 2026-04-08T17:05:12.955Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/88001f3c-f5cc-4051-a713-788014e2241a?source=cve https://plugins.trac.wordpress.org/browser/insert-php-code-snippet/trunk/admin/snippets.php#L28 https://plugins.trac.wordpress.org/changeset/3134787/insert-php-code-snippet/trunk/admin/snippets.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-0658`	vulnerable	2026-06-08 06:22:01.648368	Insert PHP Code Snippet <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting MEDIUM (4.4) The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Published: 2024-02-20T18:56:44.688Z Updated: 2026-04-08T17:20:43.966Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.