Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting

Description

The plugin does not escape the 's' GET parameter before outputting it back on the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue.

PoC

https://example.com/wp-admin/admin.php?page=cs-all-masking-rules&s=
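A log check for the request pattern described above, added here as an example and not taken from the advisory or the plugin. It flags requests to the All Masking Rules page whose 's' value contains HTML metacharacters after URL decoding; the combined log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=cs-all-masking-rules&s=footer HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /wp-admin/admin.php?page=cs-all-masking-rules&s=%22%3E%3Cb%3Etest HTTP/1.1" 200 5177
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin.php?page=cs-all-masking-rules&s=%2522%253E%253Cb%253E HTTP/1.1" 200 5180
198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin.php?page=other-page&s=%3Cb%3E HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HTML_META = set('<>"\'')  # characters that must be escaped in HTML output


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client_ip, decoded_s_value) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "cs-all-masking-rules" not in params.get("page", []):
            continue
        for raw in params.get("s", []):  # parse_qs already decoded once
            value = fully_decode(raw)
            if HTML_META & set(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit means markup characters were sent in the search parameter, not that script executed; whether the page was exploitable depends on the installed plugin version.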


Affected Software


CPE Name Name Version
real-time-auto-find-and-replace 1.2.9
