Search criteria
4 vulnerabilities found for Better Find and Replace by Unknown
CVE-2022-1472 (GCVE-0-2022-1472)
Vulnerability from cvelistv5 – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:03
VLAI?
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi
Summary
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.3.6 , < 1.3.6
(custom)
|
Credits
lucy
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "1.3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lucy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:49",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1472",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.6",
"version_value": "1.3.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lucy"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1472",
"datePublished": "2022-06-20T10:25:49",
"dateReserved": "2022-04-26T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24676 (GCVE-0-2021-24676)
Vulnerability from cvelistv5 – Published: 2021-10-04 11:20 – Updated: 2024-08-03 19:42
VLAI?
Title
Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting
Summary
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.2.9 , < 1.2.9
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.9",
"status": "affected",
"version": "1.2.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T11:20:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24676",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.9",
"version_value": "1.2.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24676",
"datePublished": "2021-10-04T11:20:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1472 (GCVE-0-2022-1472)
Vulnerability from nvd – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:03
VLAI?
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi
Summary
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.3.6 , < 1.3.6
(custom)
|
Credits
lucy
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "1.3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lucy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:49",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1472",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.6",
"version_value": "1.3.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lucy"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1472",
"datePublished": "2022-06-20T10:25:49",
"dateReserved": "2022-04-26T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24676 (GCVE-0-2021-24676)
Vulnerability from nvd – Published: 2021-10-04 11:20 – Updated: 2024-08-03 19:42
VLAI?
Title
Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting
Summary
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.2.9 , < 1.2.9
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.9",
"status": "affected",
"version": "1.2.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T11:20:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24676",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.9",
"version_value": "1.2.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24676",
"datePublished": "2021-10-04T11:20:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}