CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-53466 – WordPress Better Find and Replace Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-53466
22 Sep 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Better Find and Replace allows Stored XSS. This issue affects Better Find and Replace: from n/a through 1.7.6. The Better Find and Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, t... • https://patchstack.com/database/wordpress/plugin/real-time-auto-find-and-replace/vulnerability/wordpress-better-find-and-replace-plugin-1-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0
CVE-2025-24734 – WordPress Better Find and Replace plugin <= 1.6.7 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-24734
27 Jan 2025 — Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7. The Better Find and Replace plugin for WordPress is vulnerable to unauthorized Privilege Escalation due to a missing capability check on the db_string_replace() function in all versions up to, and including, 1.6.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to replace values in the database th... • https://patchstack.com/database/wordpress/plugin/real-time-auto-find-and-replace/vulnerability/wordpress-better-find-and-replace-plugin-1-6-7-privilege-escalation-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVSS: 8.3 | EPSS: 1% | CPEs: 1 | EXPL: 0
CVE-2024-39636 – WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-39636
29 Jul 2024 — Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace. This issue affects Better Find and Replace: from n/a through 1.6.1. The Better Find and Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.1 via deserialization of untrusted input from the 'str' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via... • https://patchstack.com/database/vulnerability/real-time-auto-find-and-replace/wordpress-better-find-and-replace-plugin-1-6-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data
