A Cross-Site Request Forgery (CSRF) vulnerability has been detected in WPCode – Insert Headers and Footers plugin version 2.0.9 and earlier. The security flaw was found in the WPCode WordPress plugin, which has over a million installations. The vulnerability could enable attackers to delete server files.
The WPCode plugin, previously known as Insert Headers and Footers by WPBeginner, is a well-known plugin that permits WordPress publishers to incorporate code snippets into the header and footer sections of their website. This feature is beneficial for publishers who require adding various codes such as Google Search Console site validation, structured data, CSS code, AdSense code, or anything else that belongs in either the header or footer of a website.
What is Cross-Site Request…
Source link
