Update This WordPress Plugin to Prevent Site Hijacking
Security researchers have discovered a serious vulnerability present in older versions of the popular WordPress Code Snippets plugin that could allow attackers to remotely hijack a person’s website. The plugin developers have released a patch to fix the bug, but more than 200,000 websites are still at risk.
Code Snippets allows WordPress sites to run small snippets of PHP code to add functionality without the need for additional plugins, and you can even use pre-written code to streamline the process. It is a useful tool for people who may not have the programming skills to write plugins themselves, but as Threatpost explains in its bug report, the Code Snippets import tool cannot check the source and security of the code first, which means users might inadvertently import and run malicious code. This could open up their sites to various attacks, including allowing hackers to execute commands without administrator access.
The bug is scary, but fixable. If your WordPress site uses Code Snippets, you should update the plugin immediately, especially before adding or running any new code on your site. You can get the update by logging into your website backend and going to the Updates section of your WordPress dashboard. You can also download and install the latest version from the WordPress Code Snippets plugin page.