cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-2311,https://securityvulnerability.io/vulnerability/CVE-2022-2311,Find and Replace All < 1.3 - Reflected Cross Site Scripting,"The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.",Wordpress,Find And Replace All,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-11-28T13:47:13.639Z,0
CVE-2022-3850,https://securityvulnerability.io/vulnerability/CVE-2022-3850,Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF,"The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack",Wordpress,Find And Replace All,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2022-11-28T13:47:12.088Z,0
CVE-2022-1472,https://securityvulnerability.io/vulnerability/CVE-2022-1472,Better Find and Replace < 1.3.6 - Admin+ SQLi,"The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection",Wordpress,Better Find and Replace,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-06-20T10:25:49.000Z,0
CVE-2021-24676,https://securityvulnerability.io/vulnerability/CVE-2021-24676,Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting,"The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue",Wordpress,Better Find And Replace,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2021-10-04T11:20:20.000Z,0
CVE-2020-13641,https://securityvulnerability.io/vulnerability/CVE-2020-13641,,"An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser.",Wordpress,Real-time Find And Replace,8.8,HIGH,0.0033599999733269215,false,,false,false,false,,false,false,2020-05-28T03:11:16.000Z,0