{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10313", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-11T23:27:17.039Z", "datePublished": "2025-10-15T08:26:02.685Z", "dateUpdated": "2026-04-08T17:19:36.400Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:36.400Z"}, "affected": [{"vendor": "jankimoradiya", "product": "Find And Replace content for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that can make privilege escalation and malicious redirects possible."}], "title": "Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0469ece-6f5f-4774-8094-f7f67702a775?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/find-and-replace-content/trunk/function.php?rev=1601465"}, {"url": "https://wordpress.org/plugins/find-and-replace-content/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "ifoundbug"}], "timeline": [{"time": "2025-10-14T20:02:51.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-15T14:06:05.367839Z", "id": "CVE-2025-10313", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T14:10:17.736Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-15T14:06:05.367839Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T14:10:10.615Z"}}], "cna": {"title": "Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "ifoundbug"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "jankimoradiya", "product": "Find And Replace content for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-14T20:02:51.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0469ece-6f5f-4774-8094-f7f67702a775?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/find-and-replace-content/trunk/function.php?rev=1601465"}, {"url": "https://wordpress.org/plugins/find-and-replace-content/"}], "descriptions": [{"lang": "en", "value": "The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that can make privilege escalation and malicious redirects possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:36.400Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10313", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:19:36.400Z", "dateReserved": "2025-09-11T23:27:17.039Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-15T08:26:02.685Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that can make privilege escalation and malicious redirects possible."}], "id": "CVE-2025-10313", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-15T09:15:40.373", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/find-and-replace-content/trunk/function.php?rev=1601465"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/find-and-replace-content/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0469ece-6f5f-4774-8094-f7f67702a775?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:19:20.760705+00:00", "value": {"mitigation_remediation": ["Upgrade the Find And Replace content for WordPress plugin to the latest version that addresses the capability check issue.", "If the plugin is not required, deactivate or delete it from the WordPress installation to eliminate the attack vector.", "Ensure that any custom or third\u2011party code does not expose the far_admin_ajax_fun() endpoint without proper capability checks; consider implementing a role\u2011based restriction or using a security plugin to block unauthenticated access to administrative AJAX actions."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting with Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Vulnerable versions of the Find And Replace content for WordPress plugin, authored by jankimoradiya, include all releases up to and including 1.1. Administrators or users with access to the plugin's dashboard may be able to exploit the flaw. The issue affects the plugin only; the core WordPress installation is not directly impacted.", "description_and_impact": "The Find And Replace content for WordPress plugin is vulnerable to unauthorized stored cross\u2011site scripting and arbitrary content replacement. Missing capability checks in the far_admin_ajax_fun() function allow unauthenticated attackers to inject malicious scripts into posts or pages. Once injected, these scripts execute in the context of any user who views the content, enabling privilege escalation and malicious redirects.", "risk_and_exploitability": "With a CVSS score of 7.2, the flaw represents a high\u2011impact vulnerability. The EPSS score of less than 1% indicates a very low likelihood of exploitation at the time of this analysis, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred to be through the plugin's AJAX endpoint that lacks proper capability checks, allowing remote unauthenticated code injection."}}}}, "created": "2025-10-21T09:41:10.877613+00:00", "updated": "2026-04-21T02:30:25.823425+00:00", "vendors": ["jankimoradiya", "jankimoradiya$PRODUCT$find_and_replace_content", "wordpress", "wordpress$PRODUCT$wordpress"]}