WordPress Plugin Vulnerabilities

Real Time Find and Replace <= 3.8 - Cross-Site Scripting (XSS)

Description

The Real-Time Find and Replace WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
real-time-find-and-replace
Fixed in 3.9

References

URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=1637854%40real-time-find-and-replace&old=1547666%40real-time-find-and-replace

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Neven Biruski
Verified
No
WPVDB ID
abe66334-3eee-493b-b673-f5db18e01052

Timeline

Publicly Published
2017-04-14 (about 9 years ago)
Added
2019-06-20 (about 6 years ago)
Last Updated
2020-04-28 (about 6 years ago)

Other

Published
Title
Published
2026-02-18
Title
WP Customer Reviews < 3.7.6 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter
Published
2025-10-31
Title
Employee Spotlight – Team Member Showcase & Meet the Team Plugin < 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-06
Title
WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting
Published
2023-11-15
Title
Email Encoder Bundle < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Published
2021-08-13
Title
WP Songbook <= 2.0.11 - Reflected Cross-Site Scripting