CVE-2025-9334

Name of the Vulnerable Software and Affected Versions Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7

Description The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is susceptible to Limited Code Injection. This is a result of inadequate input validation and restriction within the rtafar ajax function. Authenticated attackers possessing Subscriber-level access or higher can invoke arbitrary plugin functions and execute code within those functions.

Recommendations Versions prior to and including 1.7.7 should be updated to a newer, fixed version when available. As a temporary workaround, consider restricting access to the rtafar ajax function until a patch is available.