IS THERE A NORMAL SANE PERSON OUT THERE THAT UNDERSTANDS WHAT ON EARTH THE FOLLOWING LETTER IS TALKING ABOUT, BECAUSE I HAVEN’T THE FAINTEST IDEA.
I WOULD TRY TO GET IT TRANSLATED BUT I’VE NO IDEA WHAT LANGUAGE IT IS WRITTEN IN, IT DOESN’T APPEAR TO BE IN ENGLISH AND I’VE LOST MY GOBBLEDEGOOK DICTIONARY.
On January 23rd, our Threat Intelligence team discovered a vulnerability in Code Snippets, a WordPress plugin installed on over 200,000 sites.
The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability.
This is a high severity security issue that could cause complete site takeover, information disclosure, and more. We highly recommend updating to the latest version (2.14.0) immediately.
Read more about this critical vulnerability and what you need to do to protect your sites on the Wordfence blog.
Chloe Chamberland – Wordfence Threat Analyst