Find And Replace All Project: >> Find And Replace All Security Vulnerabilities
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-28
The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-11-28