3 matches found
CVE-2020-13641
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
WordPress Real-Time Find and Replace Plugin Cross-Site Scripting (CVE-2020-13641)
A cross-site scripting vulnerability exists in WordPress Real-Time Find and Replace Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2020-13641
CVE-2020-13641 affects WordPress Real-Time Find and Replace plugin prior to 4.0.2. The root cause is missing nonce verification in far_options_page, enabling forged administrator requests. This CSRF can update find/replace rules to inject malicious JavaScript, which could be executed later in vic...