
7 matches found

OSV
added 2022/11/28 2:15 p.m. · 4 views

CVE-2022-2311

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...

CVSS 6.1 · AI score 5.8 · EPSS 0.00486
Exploits: 2 · References: 1

Prion
added 2022/11/28 2:15 p.m. · 14 views

Cross site request forgery (csrf)

The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing strings, which could allow attackers to make a logged-in admin replace arbitrary strings in database tables via a CSRF attack...

CVSS 4.3 · AI score 4.7 · EPSS 0.00267
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/11/28 1:47 p.m. · 5 views

CVE-2022-2311 Find and Replace All < 1.3 - Reflected Cross Site Scripting

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...

AI score 6 · EPSS 0.00486
Exploits: 2 · References: 1

Cvelist
added 2022/11/28 1:47 p.m. · 32 views

CVE-2022-2311 Find and Replace All < 1.3 - Reflected Cross Site Scripting

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...

AI score 6.2 · EPSS 0.00486
Exploits: 2 · References: 1

Positive Technologies
added 2022/11/28 12:0 a.m. · 5 views

PT-2022-15852 · WordPress · Find/Replace All

Name of the Vulnerable Software and Affected Versions: Find and Replace All WordPress plugin versions prior to 1.3

Description: The issue arises from the plugin not sanitizing and escaping some parameters from its setting page before outputting them back to the user, leading to a Reflected...

CVSS 6.1 · AI score 6.1 · EPSS 0.00486
Exploits: 2 · References: 5

Patchstack
added 2022/11/03 12:0 a.m. · 28 views

WordPress Find and Replace All plugin <= 1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Replacement discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin versions <= 1.3.

Solution: No patched version available...

AI score 2 · EPSS 0.00267
Exploits: 2 · References: 1 · Affected Software: 1

Patchstack
added 2022/11/03 12:0 a.m. · 20 views

WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin versions <= 1.2.

Solution: Update the WordPress Find and Replace All plugin to the latest available version at least 1.3...

AI score 1.5 · EPSS 0.00486
Exploits: 2 · References: 1 · Affected Software: 1