Security Advisory

CVE-2020-13641

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-05-28 03:11:16

Last updated 2024-08-04 12:25:16

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser.

← Browse all CVEs View on cve.org ↗