WordPress plugin Find And Replace content 安全漏洞

🗓️ 15 Oct 2025 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

WordPress Find And Replace Content 插件存在跨站脚本漏洞，因 far_admin_ajax_fun 缺少权限校验，可注入载荷执行脚本。

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-10313	15 Oct 202511:33	–	circl
CNVD	WordPress Find And Replace content plugin cross-site scripting vulnerability	21 Oct 202500:00	–	cnvd
CVE	CVE-2025-10313	15 Oct 202508:26	–	cve
Cvelist	CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting	15 Oct 202508:26	–	cvelist
EUVD	EUVD-2025-34541	15 Oct 202508:26	–	euvd
NVD	CVE-2025-10313	15 Oct 202509:15	–	nvd
Patchstack	WordPress Find And Replace content for WordPress plugin <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability	15 Oct 202501:08	–	patchstack
RedhatCVE	CVE-2025-10313	16 Oct 202508:33	–	redhatcve
Vulnrichment	CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting	15 Oct 202508:26	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025)	23 Oct 202515:44	–	wordfence

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/c0469ece-6f5f-4774-8094-f7f67702a775
plugins	www.plugins.trac.wordpress.org/browser/find-and-replace-content/trunk/function.php
wordpress	www.wordpress.org/plugins/find-and-replace-content/
access	www.access.redhat.com/security/cve/cve-2025-10313

02 Jan 2026 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.17.2

EPSS0.00117

SSVC

WordPress 插件跨站脚本漏洞权限校验缺失 far_admin_ajax_fun