CVE-2022-1472
HIGHBetter Find and Replace WordPress Plugin < 1.3.6 - SQL Injection
Title source: llmDescription
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c
Scores
CVSS v3
7.2
EPSS
0.0124
EPSS Percentile
65.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
codesolz/better_find_and_replace
< 1.3.6
Published
Jun 20, 2022
Tracked Since
Feb 18, 2026