Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High1

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2025-11-12

CVE-2025-9334 - Real Time Auto Find And Replace Plugin

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to call arbitrary plugin functions and execute code within those functions.

PLUGIN Real Time Auto Find And Replace

CVE-2025-9334

HIGH CVSS 8.8 2025-11-08

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-11-06

CVE-2025-12360 - Real Time Auto Find And Replace Plugin

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level access, to trigger OpenAI API key usage resulting in quota consumption potentially incurring cost.

PLUGIN Real Time Auto Find And Replace

CVE-2025-12360

MEDIUM CVSS 4.3 2025-11-06

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2025-9334 - Real Time Auto Find And Replace Plugin

CVE-2025-12360 - Real Time Auto Find And Replace Plugin

Company Links

Contact Us