Description
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that can make privilege escalation and malicious redirects possible.
Published: 2025-10-15
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting with Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Find And Replace content for WordPress plugin is vulnerable to unauthorized stored cross‑site scripting and arbitrary content replacement. Missing capability checks in the far_admin_ajax_fun() function allow unauthenticated attackers to inject malicious scripts into posts or pages. Once injected, these scripts execute in the context of any user who views the content, enabling privilege escalation and malicious redirects.

Affected Systems

Vulnerable versions of the Find And Replace content for WordPress plugin, authored by jankimoradiya, include all releases up to and including 1.1. Administrators or users with access to the plugin's dashboard may be able to exploit the flaw. The issue affects the plugin only; the core WordPress installation is not directly impacted.

Risk and Exploitability

With a CVSS score of 7.2, the flaw represents a high‑impact vulnerability. The EPSS score of less than 1% indicates a very low likelihood of exploitation at the time of this analysis, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred to be through the plugin's AJAX endpoint that lacks proper capability checks, allowing remote unauthenticated code injection.

Generated by OpenCVE AI on April 21, 2026 at 02:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Find And Replace content for WordPress plugin to the latest version that addresses the capability check issue.
  • If the plugin is not required, deactivate or delete it from the WordPress installation to eliminate the attack vector.
  • Ensure that any custom or third‑party code does not expose the far_admin_ajax_fun() endpoint without proper capability checks; consider implementing a role‑based restriction or using a security plugin to block unauthenticated access to administrative AJAX actions.

Generated by OpenCVE AI on April 21, 2026 at 02:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Jankimoradiya
Jankimoradiya find And Replace Content
Wordpress
Wordpress wordpress
Vendors & Products Jankimoradiya
Jankimoradiya find And Replace Content
Wordpress
Wordpress wordpress

Wed, 15 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Oct 2025 08:45:00 +0000

Type Values Removed Values Added
Description The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that can make privilege escalation and malicious redirects possible.
Title Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Jankimoradiya Find And Replace Content
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:19:36.400Z

Reserved: 2025-09-11T23:27:17.039Z

Link: CVE-2025-10313

cve-icon Vulnrichment

Updated: 2025-10-15T14:10:10.615Z

cve-icon NVD

Status : Deferred

Published: 2025-10-15T09:15:40.373

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-10313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T02:30:25Z

Weaknesses