CVE-2022-1472

HIGH

Better Find and Replace WordPress Plugin < 1.3.6 - SQL Injection

Title source: llm
STIX 2.1

Description

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9c608b14-dc5e-469e-b97a-84696fae804c

Scores

CVSS v3 7.2
EPSS 0.0124
EPSS Percentile 65.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
codesolz/better_find_and_replace < 1.3.6
Published Jun 20, 2022
Tracked Since Feb 18, 2026