10 matches found
EUVD-2020-5883
Malware in sbrugna...
WordPress Real-Time Find and Replace Plugin < 4.0.2 CSRF Vulnerability
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2020-13641
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
Design/Logic Flaw
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
CVE-2020-13641
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...
CVE-2020-13641
CVE-2020-13641 affects WordPress Real-Time Find and Replace plugin prior to 4.0.2. The root cause is missing nonce verification in far_options_page, enabling forged administrator requests. This CSRF can update find/replace rules to inject malicious JavaScript, which could be executed later in vic...
WordPress Plugin Bug Opens 100K Websites to Compromise
A high-severity cross-site request forgery CSRF vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. According to research from Wordfence releas...
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email...
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email. PoC...
Real Time Find and Replace <= 3.8 - Cross-Site Scripting (XSS)
The Real-Time Find and Replace WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...