Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by WordFence in WordPress Real-Time Find and Replace plugin (versions <= 3.9).
Update the WordPress Real-Time Find and Replace plugin to the latest available version (at least 4.0.2).