CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/16 11:21 a.m.•28 views

CVE-2026-3369 Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS0.00011EPSS

Exploits0References2

CNNVD•added 2026/04/16 12:0 a.m.•4 views

WordPress plugin Better Find and Replace – AI-Powered Suggestions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00011EPSS

RedhatCVE•added 2026/01/09 8:33 a.m.•4 views

CVE-2024-39636

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue affects Better Find and Replace: from n/a through 1.6.1...

8.3CVSS6.9AI score0.01EPSS

Patchstack•added 2025/11/10 1:42 a.m.•4 views

WordPress Better Find and Replace plugin <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection vulnerability

Authenticated Subscriber+ Limited Code Injection vulnerability discovered by ISMAILSHADOW in WordPress Plugin Better Find and Replace versions = 1.7.7...

8.8CVSS7.1AI score0.00092EPSS

RedhatCVE•added 2025/11/09 5:58 a.m.•2 views

CVE-2025-9334

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafarajax' function. This makes it possible for authenticated...

8.8CVSS6.8AI score0.00092EPSS

Vulnrichment•added 2025/11/08 5:52 a.m.•2 views

CVE-2025-9334 Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection

8.8CVSS6.3AI score0.00092EPSS

Exploits0References5

CNNVD•added 2025/11/08 12:0 a.m.•1 views

WordPress plugin Better Find and Replace – AI-Powered Suggestions 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A code injection...

8.8CVSS7.5AI score0.00092EPSS

Exploits0References6

NVD•added 2025/11/06 8:15 a.m.•4 views

CVE-2025-12360

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00036EPSS

EUVD•added 2025/11/06 7:27 a.m.•2 views

EUVD-2025-37979

4.3CVSS4.7AI score0.00036EPSS

Exploits0References4

CVE•added 2025/11/06 7:27 a.m.•7 views

CVE-2025-12360

CVE-2025-12360 affects the WordPress plugin Better Find and Replace – AI-Powered Suggestions . The vulnerability is a missing capability check in the rtafar_ajax() handler, present in all versions up to and including 1.7.7. As a result, authenticated attackers with Subscriber-level access can tri...

4.3CVSS4.8AI score0.00036EPSS

Cvelist•added 2025/11/06 7:27 a.m.•15 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

4.3CVSS0.00036EPSS

Vulnrichment•added 2025/11/06 7:27 a.m.•2 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

4.3CVSS4.8AI score0.00036EPSS

Patchstack•added 2025/11/06 1:7 a.m.•4 views

WordPress Better Find and Replace plugin <= 1.7.7 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Adrian Lukita in WordPress Plugin Better Find and Replace versions = 1.7.7...

4.3CVSS6.7AI score0.00036EPSS

Positive Technologies•added 2025/11/06 12:0 a.m.•3 views

PT-2025-45180

Name of the Vulnerable Software and Affected Versions Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7 Description The software is susceptible to unauthorized API usage because of a missing capability check within the rtafar ajax function. This allows...

4.3CVSS6.3AI score0.00036EPSS

Exploits0References6

CNNVD•added 2025/11/06 12:0 a.m.•1 views

WordPress plugin Better Find and Replace – AI-Powered Suggestions 授权问题漏洞

4.3CVSS6.3AI score0.00036EPSS

CNVD•added 2025/10/21 12:0 a.m.•2 views

WordPress Find And Replace content plugin cross-site scripting vulnerability

WordPress Find And Replace content plugin is a plugin used to batch find and replace the specified text in the website content, mainly used to solve the problem of batch modification in the website content update demand. A cross-site scripting vulnerability exists in the WordPress Find And Replac...

7.2CVSS6.2AI score0.00117EPSS

Vulnrichment•added 2025/10/15 8:26 a.m.•4 views

CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...

7.2CVSS4.6AI score0.00117EPSS

Patchstack•added 2025/10/15 1:8 a.m.•6 views

WordPress Find And Replace content for WordPress plugin <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ifoundbug in WordPress Plugin Find And Replace content for WordPress versions = 1.1...

7.2CVSS5.5AI score0.00117EPSS