CVE-2022-1218

The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

WordPress Domain Replace plugin <= 1.3.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Domain Replace plugin versions = 1.3.8. Solution Deactivate and delete. This plugin has been closed as of April 4, 2022 and is not available for download. This closure is temporary, pending a full review...

Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=dr-convert=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E...

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

WordPress Enable Media Replace Plugin - Multiple Vulnerabilities

In general, impact of this plugin is information retrieval and manipulation, arbitrary code execution. More details: there exist multiple vulnerabilities in Enable Media Replace plugin for WordPress: 1. Users can perform SQL injection attacks against the plugin. 2. Users can upload arbitrary file...