Impact
The CM On Demand Search And Replace plugin for WordPress contains a cross-site request forgery (CSRF) flaw (CWE‑352). An attacker who can lure a logged-in user to a crafted page can make that user's browser submit requests to the plugin's administrative endpoints, performing actions the plugin author intended only for the admin interface. In this plugin that could include arbitrary search‑and‑replace operations, which may modify large amounts of content or otherwise interfere with site operation. The CVSS base score of 4.3 (Medium) reflects this profile: exploitation depends on user interaction, and the impact on confidentiality or integrity depends on how the abused functionality is used.
Affected Systems
All WordPress sites running CreativeMindsSolutions CM On Demand Search And Replace version 1.5.2 or earlier are potentially affected; every release up to and including 1.5.2 is in scope.
Risk and Exploitability
The EPSS score of less than 1% suggests that exploitation is currently unlikely to be widespread, and the flaw is not listed in the CISA KEV catalog, which further indicates limited real‑world use. Exploitation is also conditional: CSRF is a client‑side attack that requires the victim to be logged into the WordPress site, to hold sufficient privileges for the targeted action, and to be lured into loading a crafted request (a page, an image tag or an auto‑submitting form). Because the weakness is CSRF, the affected administrative actions can be triggered without an effective anti‑CSRF token (WordPress nonce) check; if no additional safeguards are in place, an authenticated administrator can be made to execute privileged actions without realizing it, which is why the overall risk is assessed as moderate rather than low.
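The following is an added illustration of the pattern behind this class of flaw and its standard WordPress fix. It is not the plugin's code and does not reflect the plugin's actual handlers, hooks or field names; every cmsr_* name and the option layout are hypothetical. The first handler accepts a state-changing POST with no CSRF protection, so any page that auto-submits a form to admin-post.php while an administrator is logged in can trigger it. The second handler verifies a nonce bound to the action and the user's session, then checks capability, since a nonce proves the request came from the plugin's own form but says nothing about whether the user is allowed to perform the action.

```php
<?php
// Added example, not the plugin's own code. All cmsr_* names are hypothetical.

// --- Before: state-changing action with no CSRF protection ----------------
// A logged-in admin lured to a page that auto-submits a POST to
// admin-post.php?action=cmsr_replace_unsafe silently stores a replace rule.
add_action('admin_post_cmsr_replace_unsafe', function () {
    $search  = isset($_POST['search'])  ? wp_unslash($_POST['search'])  : '';
    $replace = isset($_POST['replace']) ? wp_unslash($_POST['replace']) : '';
    cmsr_store_rule($search, $replace);
    wp_safe_redirect(admin_url('admin.php?page=cmsr'));
    exit;
});

// --- After: nonce check + capability check --------------------------------
add_action('admin_post_cmsr_replace', function () {
    // 1. check_admin_referer() dies with a 403 unless the request carries a
    //    nonce for the 'cmsr_replace' action tied to the current user's session.
    //    A forged cross-site form cannot supply this value.
    check_admin_referer('cmsr_replace', 'cmsr_nonce');

    // 2. A valid nonce is not authorization: confirm the user may do this at all.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.', 'cmsr'), '', ['response' => 403]);
    }

    // 3. Only then read and sanitize the input.
    $search  = isset($_POST['search'])  ? sanitize_text_field(wp_unslash($_POST['search']))  : '';
    $replace = isset($_POST['replace']) ? sanitize_text_field(wp_unslash($_POST['replace'])) : '';
    if ($search === '') {
        wp_die(esc_html__('Search term is required.', 'cmsr'), '', ['response' => 400]);
    }
    cmsr_store_rule($search, $replace);
    wp_safe_redirect(add_query_arg('updated', '1', admin_url('admin.php?page=cmsr')));
    exit;
});

// The settings form that posts to the hardened handler. wp_nonce_field()
// emits the hidden cmsr_nonce input (plus a _wp_http_referer field).
function cmsr_render_form(): void {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="cmsr_replace">
        <?php wp_nonce_field('cmsr_replace', 'cmsr_nonce'); ?>
        <p><label>Search <input type="text" name="search"></label></p>
        <p><label>Replace <input type="text" name="replace"></label></p>
        <?php submit_button(__('Save rule', 'cmsr')); ?>
    </form>
    <?php
}

// Hypothetical persistence: append the rule to a plugin option.
function cmsr_store_rule(string $search, string $replace): void {
    $rules   = get_option('cmsr_rules', []);
    $rules[] = ['search' => $search, 'replace' => $replace];
    update_option('cmsr_rules', $rules);
}
```

Two points follow from the hardened version. The nonce check must come before any side effect, and it must be specific to the action (a nonce minted for one form should not unlock another). State-changing actions should also be reachable only by POST; an action that fires on a GET to admin.php with query parameters can be triggered by nothing more than an image tag, which makes the missing nonce far easier to abuse.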