CVE-2020-8417

HIGH LAB

Code Snippets < 2.14.0 - Cross-Site Request Forgery via Import Menu

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-8417. PoCs published by waleweewe12, Vulnmachines, Rapidsafeguard.

Description

The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

Exploits (3)

nomisec WORKING POC 1 star
by waleweewe12 · poc
https://github.com/waleweewe12/CVE-2020-8417

This repository contains a functional exploit PoC for CVE-2020-8417, targeting the Code Snippets plugin for WordPress. It includes a Docker Compose setup to replicate a vulnerable environment and the plugin's source code, demonstrating the vulnerability in a controlled manner.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Code Snippets plugin for WordPress (versions prior to 2.14.0)
Auth required
Prerequisites: WordPress installation with vulnerable Code Snippets plugin · Administrator access to WordPress
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS 1 star
by Vulnmachines · poc
https://github.com/Vulnmachines/WordPress_CVE-2020-8417

The repository lacks exploit code and only contains a README with social media links and a YouTube video reference, which is typical of suspicious repos aiming to redirect users elsewhere.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: WordPress
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10050

Scores

CVSS v3: 8.8
EPSS: 0.5031
EPSS Percentile: 97.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): codesnippets/code_snippets < 2.14.0
Published: Jan 28, 2020
Tracked Since: Feb 18, 2026