
25 matches found

Patchstack
added 2026/03/23 8:22 a.m. · 3 views

WordPress Linksy Search and Replace plugin <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Linksy Search and Replace versions <= 1.0.4...

CVSS 8.8 · AI score 5.8 · EPSS 0.00058
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/12/16 8:12 a.m. · 29 views

CVE-2025-54045 WordPress CM On Demand Search And Replace plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5...

CVSS 4.3 · EPSS 0.00036
Exploits: 0 · References: 1

Cvelist
added 2025/08/14 6:21 p.m. · 9 views

CVE-2025-54727 WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2...

CVSS 5.9 · EPSS 0.00047
Exploits: 0 · References: 1

Patchstack
added 2025/08/14 2:48 p.m. · 4 views

WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions <= 1.5.2...

CVSS 5.9 · AI score 6 · EPSS 0.00047
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/05/22 11:29 p.m. · 1 views

CVE-2022-1218

The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.7 · EPSS 0.0021
Exploits: 2 · References: 1

Positive Technologies
added 2025/05/05 12:0 a.m. · 1 views

PT-2025-19761 · WordPress · External Image Replace Plugin

Name of the Vulnerable Software and Affected Versions: External image replace plugin for WordPress versions up to, and including, 1.0.8. Description: The issue is related to missing file type validation in the external image replace get posts::replace post function, allowing authenticated attacker...

CVSS 8.8 · AI score 9 · EPSS 0.00812
Exploits: 0 · References: 7

Cvelist
added 2025/04/01 8:58 p.m. · 12 views

CVE-2025-31081 WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through <= 4.1.5...

CVSS 7.1 · EPSS 0.00569
Exploits: 0 · References: 1

Cvelist
added 2024/12/13 2:24 p.m. · 21 views

CVE-2024-54244 WordPress Easy Replace plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Think201 Easy Replace easy-replace allows Stored XSS. This issue affects Easy Replace: from n/a through <= 1.3...

CVSS 6.5 · EPSS 0.00295
Exploits: 0 · References: 1

Patchstack
added 2024/12/06 10:10 p.m. · 2 views

WordPress Easy Replace plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Easy Replace versions <= 1.3...

CVSS 6.5 · AI score 6.1 · EPSS 0.00295
Exploits: 0 · Affected Software: 1

NVD
added 2024/09/13 3:15 p.m. · 17 views

CVE-2024-8734

The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVSS 6.1 · EPSS 0.01989
Exploits: 0 · References: 2

Patchstack
added 2024/09/13 12:0 a.m. · 9 views

WordPress Lucas String Replace Plugin <= 2.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Lucas String Replace · Type: Plugin · Vulnerable versions: <= 2.0.5 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2024-8734 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: d57e73116724 · Credits: vgo0 · Required...

CVSS 6.1 · AI score 5.7 · EPSS 0.01989
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/08/01 9:24 p.m. · 8 views

CVE-2024-39636 WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace. This issue affects Better Find and Replace: from n/a through 1.6.1...

CVSS 8.3 · AI score 7 · EPSS 0.01
Exploits: 0 · References: 1

Patchstack
added 2024/03/28 12:0 a.m. · 7 views

WordPress FG PrestaShop to WooCommerce Plugin <= 4.45.1 is vulnerable to Sensitive Data Exposure

Software: FG PrestaShop to WooCommerce · Type: Plugin · Vulnerable versions: <= 4.45.1 · Fixed in: 4.47.0 · OWASP Top 10: A9: Security Logging and Monitoring Failures · Classification: Sensitive Data Exposure · CVE: CVE-2024-30511 · Patch priority: Low · CVSS severity: Low 5.3 · Developer: Claim ownership · PSID: d7bd1db6d6b7...

CVSS 5.3 · AI score 6.5 · EPSS 0.00326
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/01/19 12:0 a.m. · 10 views

WordPress Ninja Tables Plugin <= 5.0.5 is vulnerable to Broken Access Control

Software: Ninja Tables · Type: Plugin · Vulnerable versions: <= 5.0.5 · Fixed in: 5.0.6 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-23504 · Patch priority: Low · CVSS severity: Low 5.3 · Developer: Claim ownership · PSID: 86a45ee34ff9 · Credits: emad · Required privilege...

CVSS 5.3 · AI score 6.6 · EPSS 0.00373
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/06/19 1:15 p.m. · 12 views

CVE-2022-46850

Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions...

CVSS 8.6 · AI score 8.6 · EPSS 0.00086
Exploits: 0 · References: 1

Prion
added 2023/06/19 1:15 p.m. · 12 views

Improper access control

Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions...

CVSS 5.5 · AI score 7.9 · EPSS 0.00086
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/06/19 12:26 p.m. · 11 views

CVE-2022-46850 WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion

Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions...

CVSS 8.6 · AI score 8.7 · EPSS 0.00086
Exploits: 0 · References: 1

Patchstack
added 2023/05/29 12:0 a.m. · 15 views

WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection

Software: Gravity Forms · Type: Plugin · Vulnerable versions: <= 2.7.3 · Fixed in: 2.7.4 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: CVE-2023-28782 · Patch priority: High · CVSS severity: High 8.3 · Developer: Claim ownership · PSID: 97930c86f0b1 · Credits: Rafie Muhammad Patchstack · Required privile...

CVSS 9.8 · AI score 6.9 · EPSS 0.00151
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2023/04/14 12:0 a.m. · 9 views

Enable Media Replace Plugin for WordPress < 4.0.2 Arbitrary File Upload

The WordPress Enable Media Replace Plugin installed on the remote host is affected by an arbitrary file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

CVSS 8.8 · AI score 7.6 · EPSS 0.01391
Exploits: 2 · References: 2

CNVD
added 2022/05/25 12:0 a.m. · 13 views

WordPress Domain Replace plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Domain Replace plugin, which stems from the...

CVSS 6.1 · AI score 2.2 · EPSS 0.0021
Exploits: 2 · References: 1