Test ID: 1.3.6.1.4.1.25623.1.0.113695
Category: Web application abuses
Title: WordPress Real-Time Find and Replace Plugin < 4.0.2 CSRF Vulnerability
Summary: The WordPress plugin Real-Time Find and Replace is prone to a cross-site request forgery (CSRF) vulnerability.
Description:

Vulnerability Insight:
The far_options_page function does not perform any nonce verification,
allowing requests to be forged on behalf of an administrator. The find and replace rules
could be updated with malicious JavaScript, which would then be executed later in the victim's browser.

Vulnerability Impact:
Successful exploitation would allow an attacker to
perform actions in the context of an administrator.

Affected Software/OS:
WordPress Real-Time Find and Replace plugin through version 4.0.1.

Solution:
Update to version 4.0.2.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-13641
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.