CVE-2025-13035 | Code Snippets Plugin up to 3.9.1 on WordPress extract filepath code injection

November 18, 2025 Yanac

A vulnerability described as critical has been identified in Code Snippets Plugin up to 3.9.1 on WordPress. Impacted is the function extract. Such manipulation of the argument filepath leads to code injection.

This vulnerability is documented as CVE-2025-13035. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More

CVE-2025-12349 | Icegram Express Plugin up to 5.9.10 on WordPress Mailing Queue trigger_mailing_queue_sending missing authentication
CVE-2025-63749 | pnetlab 5.3.11 qemu_options command injection