Lucene search
K

42 matches found

Cvelist
Cvelist
added 2024/06/13 6:0 a.m.33 views

CVE-2024-4145 Search & Replace < 3.2.2 - Admin+ SQL injection

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...

0.00444EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/13 6:0 a.m.14 views

CVE-2024-4145 Search & Replace < 3.2.2 - Admin+ SQL injection

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...

7.5AI score0.00444EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/06/13 12:0 a.m.18 views

WordPress Search & Replace Plugin < 3.2.2 is vulnerable to SQL Injection

Software Search & Replace Type Plugin Vulnerable versions 3.2.2 Fixed in 3.2.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4145 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 279ec626c422 Credits Krugov Artyom Required privilege Administrator...

7.2CVSS6.8AI score0.00444EPSS
Exploits2References4Affected Software1
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.160 views

Search & Replace < 3.2.2 - Admin+ SQL injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...

7.5AI score0.00444EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2024/02/07 12:0 a.m.23 views

WordPress Better Search Replace Plugin < 1.4.5 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References1
OSV
OSV
added 2024/02/05 10:15 p.m.5 views

CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.5AI score0.68047EPSS
Exploits2References3
Prion
Prion
added 2024/02/05 10:15 p.m.24 views

Deserialization of untrusted data

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

7.5CVSS7.9AI score0.68047EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2024/02/05 9:21 p.m.123 views

CVE-2023-6933

CVE-2023-6933 affects the WordPress plugin Better Search Replace (

9.8CVSS9.6AI score0.68047EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

WordPress plugin Better Search Replace security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2024/01/28 11:16 p.m.1582 views

Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace

PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...

9.8CVSS9.2AI score0.68047EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.6 views

PT-2024-15128

Name of the Vulnerable Software and Affected Versions Better Search Replace plugin for WordPress versions up to, and including, 1.4.4 Description The issue is related to PHP Object Injection via deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP Object. If a PO...

9.8CVSS9.5AI score0.68047EPSS
Exploits2References18
Patchstack
Patchstack
added 2024/01/25 12:0 a.m.17 views

WordPress Better Search Replace Plugin <= 1.4.4 is vulnerable to PHP Object Injection

Software Better Search Replace Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-6933 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 3ac241f51ac9 Credits Sam Pizzey mopman Required privilege...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/01/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...

9.8CVSS7.3AI score0.68047EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/07/31 12:0 a.m.12 views

WordPress Better Search Replace Plugin < 1.4.1 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...

7.2CVSS7.1AI score0.01066EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.2 views

CVE-2022-2593

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

7.2CVSS7.1AI score0.01066EPSS
Exploits2References2
OSV
OSV
added 2022/08/22 3:15 p.m.6 views

CVE-2022-2593

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

7.2CVSS5.9AI score0.01066EPSS
Exploits2References1
NVD
NVD
added 2022/08/22 3:15 p.m.37 views

CVE-2022-2593

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

7.2CVSS0.01066EPSS
Exploits2References1
Prion
Prion
added 2022/08/22 3:15 p.m.28 views

Sql injection

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

5.8CVSS7.1AI score0.01066EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 3:4 p.m.37 views

CVE-2022-2593 Better Search and Replace < 1.4.1 - Admin+ SQLi

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

7.4AI score0.01066EPSS
Exploits2References1
CVE
CVE
added 2022/08/22 3:4 p.m.60 views

CVE-2022-2593

Summary: CVE-2022-2593 affects the WordPress plugin Better Search Replace, prior to version 1.4.1. The vulnerability arises from improper sanitization and escaping of table data before insertion into SQL queries, potentially enabling high-privilege users to perform SQL injection. The issue is doc...

7.2CVSS7.1AI score0.01066EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder