Search criteria
6 vulnerabilities found for better_find_and_replace by codesolz
FKIE_CVE-2022-1472
Vulnerability from fkie_nvd - Published: 2022-06-20 11:15 - Updated: 2024-11-21 06:40
Severity ?
Summary
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesolz | better_find_and_replace | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesolz:better_find_and_replace:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F87A1888-99C6-4B38-859D-63CB9556AC10",
"versionEndExcluding": "1.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
},
{
"lang": "es",
"value": "El plugin Better Find and Replace de WordPress versiones anteriores a 1.3.6 no sanea, valida y escapa de varios par\u00e1metros antes de usarlos en una sentencia SQL, conllevando a una inyecci\u00f3n SQL"
}
],
"id": "CVE-2022-1472",
"lastModified": "2024-11-21T06:40:47.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-20T11:15:09.367",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-24676
Vulnerability from fkie_nvd - Published: 2021-10-04 12:15 - Updated: 2024-11-21 05:53
Severity ?
Summary
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codesolz | better_find_and_replace | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesolz:better_find_and_replace:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "40FE838B-4F23-4C24-884D-90D820F3F2BD",
"versionEndExcluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
},
{
"lang": "es",
"value": "El plugin Better Find and Replace de WordPress versiones anteriores a 1.2.9, no escapa del par\u00e1metro GET \"s\" antes de devolver la informaci\u00f3n en la p\u00e1gina All Masking Rules, conllevando un problema de tipo Cross-Site Scripting Reflejado"
}
],
"id": "CVE-2021-24676",
"lastModified": "2024-11-21T05:53:32.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-04T12:15:08.983",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2022-1472 (GCVE-0-2022-1472)
Vulnerability from cvelistv5 – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:03
VLAI?
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi
Summary
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.3.6 , < 1.3.6
(custom)
|
Credits
lucy
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "1.3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lucy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:49",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1472",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.6",
"version_value": "1.3.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lucy"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1472",
"datePublished": "2022-06-20T10:25:49",
"dateReserved": "2022-04-26T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24676 (GCVE-0-2021-24676)
Vulnerability from cvelistv5 – Published: 2021-10-04 11:20 – Updated: 2024-08-03 19:42
VLAI?
Title
Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting
Summary
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.2.9 , < 1.2.9
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.9",
"status": "affected",
"version": "1.2.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T11:20:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24676",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.9",
"version_value": "1.2.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24676",
"datePublished": "2021-10-04T11:20:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1472 (GCVE-0-2022-1472)
Vulnerability from nvd – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:03
VLAI?
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi
Summary
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.3.6 , < 1.3.6
(custom)
|
Credits
lucy
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "1.3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "lucy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:49",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1472",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.3.6 - Admin+ SQLi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.6",
"version_value": "1.3.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "lucy"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1472",
"datePublished": "2022-06-20T10:25:49",
"dateReserved": "2022-04-26T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24676 (GCVE-0-2021-24676)
Vulnerability from nvd – Published: 2021-10-04 11:20 – Updated: 2024-08-03 19:42
VLAI?
Title
Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting
Summary
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Better Find and Replace |
Affected:
1.2.9 , < 1.2.9
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Better Find and Replace",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.9",
"status": "affected",
"version": "1.2.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T11:20:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24676",
"STATE": "PUBLIC",
"TITLE": "Better Find and Replace \u003c 1.2.9 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Better Find and Replace",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.9",
"version_value": "1.2.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Better Find and Replace WordPress plugin before 1.2.9 does not escape the \u0027s\u0027 GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/59589e74-f901-4f4d-81de-26ad19d1b7fd"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24676",
"datePublished": "2021-10-04T11:20:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}