PT-2025-42298 · WordPress · Find/Replace Content For Wordpress

Ifoundbug

Published

2025-10-15

Updated

2025-10-15

CVE-2025-10313

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Find And Replace content for WordPress plugin versions prior to 1.2

Description The Find And Replace content for WordPress plugin for WordPress is susceptible to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement. This is due to a missing capability check on the far admin ajax fun() function. This allows unauthenticated attackers to inject arbitrary web scripts into pages, potentially leading to privilege escalation and malicious redirects.

Recommendations Update to version 1.2 or later.

Fix

LPE

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-10313

Affected Products

Find/Replace Content For Wordpress

PT-2025-42298 · WordPress · Find/Replace Content For Wordpress

CVE-2025-10313

Weakness Enumeration

Related Identifiers

Affected Products

References · 7