
10 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-5883

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.00809
Exploits: 2 | References: 3

OpenVAS
added 2020/05/29 12:00 a.m., 15 views

WordPress Real-Time Find and Replace Plugin < 4.0.2 CSRF Vulnerability

The WordPress plugin Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

CVSS 8.8 | AI score 8.9 | EPSS 0.00809
Exploits: 2 | References: 2

NVD
added 2020/05/28 4:15 a.m., 27 views

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

CVSS 8.8 | AI score 8.7 | EPSS 0.00809
Exploits: 2 | References: 2

Prion
added 2020/05/28 4:15 a.m., 16 views

Design/Logic Flaw

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

CVSS 6.8 | AI score 8.6 | EPSS 0.00809
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2020/05/28 3:11 a.m., 35 views

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

CVSS 8.8 | AI score 8.7 | EPSS 0.00809
Exploits: 2 | References: 2

CVE
added 2020/05/28 3:11 a.m., 85 views

CVE-2020-13641

CVE-2020-13641 affects WordPress Real-Time Find and Replace plugin prior to 4.0.2. The root cause is missing nonce verification in far_options_page, enabling forged administrator requests. This CSRF can update find/replace rules to inject malicious JavaScript, which could be executed later in vic...

CVSS 8.8 | AI score 8.5 | EPSS 0.00809
Exploits: 2 | References: 2 | Affected Software: 1

ThreatPost
added 2020/04/28 3:08 p.m., 511 views

WordPress Plugin Bug Opens 100K Websites to Compromise

A high-severity cross-site request forgery (CSRF) vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. According to research from Wordfence releas...

AI score 9.4 | EPSS 0.26869
Exploits: 1 | References: 10

wpexploit
added 2020/04/27 12:00 a.m., 27 views

Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email...

CVSS 6.8 | AI score 0.1 | EPSS 0.00809
Exploits: 2 | References: 2

WPVulnDB
added 2020/04/27 12:00 a.m., 19 views

Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email. PoC...

CVSS 6.8 | AI score 1.9 | EPSS 0.00809
Exploits: 2 | References: 2 | Affected Software: 1

WPVulnDB
added 2017/04/14 12:00 a.m., 9 views

Real Time Find and Replace <= 3.8 - Cross-Site Scripting (XSS)

The Real-Time Find and Replace WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...

AI score 1.5
Exploits: 0 | References: 1 | Affected Software: 1