CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
What the vulnerability does
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Explanation of Vulnerability in Simple Terms
Better Find and Replace contains a cross-site scripting (XSS) vulnerability in versions up to 1.7.9. An authenticated user can inject malicious scripts that execute in the browsers of other users viewing affected pages. The vulnerability requires user interaction and affects the integrity and confidentiality of site data. Update to a version newer than 1.7.9 to remediate.
What an attacker can do
Inject malicious scripts that run in other users' browsers and steal or modify site data.
Potential impact on your site
Authenticated users can inject scripts affecting other users' sessions and data integrity.
Conditions required to exploit
Attacker must have low-level authentication; victim must visit a page containing the injected payload.
Key dates
External resources
Related vulnerabilities
