Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

EUVD-2026-14009

The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksysearchandreplaceitemdetails' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with...

CVE-2026-2941 Linksy Search and Replace <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via linksy_search_and_replace_item_details

The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksysearchandreplaceitemdetails' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with...

CVE-2026-2941

CVE-2026-2941 affects the WordPress plugin Linksy Search and Replace . The vulnerability arises from a missing capability check in the function linksy_search_and_replace_item_details across all versions up to and including 1.0.4, allowing authenticated users with subscriber-level access and above...

WordPress plugin Linksy Search and Replace 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-37604

Malicious code in bioql PyPI...

EUVD-2025-4348

Malicious code in bioql PyPI...

EUVD-2025-24910

Malicious code in bioql PyPI...

PT-2025-33385 · Creativemindssolutions · Cm On Demand Search/Replace

Name of the Vulnerable Software and Affected Versions: CreativeMindsSolutions CM On Demand Search And Replace versions through 1.5.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS...

CVE-2022-2593

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

CVE-2025-27297

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection.This issue affects Bravo Search & Replace: from n/a through = 1.0...

CVE-2025-27297

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection.This issue affects Bravo Search & Replace: from n/a through = 1.0...

CVE-2025-27297 WordPress Bravo Search & Replace Plugin <= 1.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in guelben Bravo Search & Replace bravo-search-and-replace allows Blind SQL Injection.This issue affects Bravo Search & Replace: from n/a through = 1.0...

CVE-2025-27297

CVE-2025-27297 affects the WordPress Bravo Search & Replace plugin (versions

CVE-2024-38759

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2...

CVE-2024-38759 WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2...

CVE-2024-38759 WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2...

CVE-2024-38759

CVE-2024-38759 is a Deserialization of Untrusted Data vulnerability in the WordPress plugin WP MEDIA SAS Search & Replace (Search & Replace) affecting versions from n/a up to and including 3.2.2. The root cause is deserialization of untrusted data leading to potential compromise. The connected do...

WordPress Search & Replace Plugin <= 3.2.2 is vulnerable to Deserialization of untrusted data

Software Search & Replace Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A3: Injection Classification Deserialization of untrusted data CVE CVE-2024-38759 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d349741333a6 Credits Trình Vũ Sonicrrrr from...

CVE-2024-4145

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...