{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3369", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-27T21:16:05.738Z", "datePublished": "2026-04-16T11:21:21.822Z", "dateUpdated": "2026-04-16T14:04:23.811Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-16T11:21:21.822Z"}, "affected": [{"vendor": "codesolz", "product": "Better Find and Replace \u2013 AI-Powered Suggestions", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Better Find and Replace \u2013 AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Better Find and Replace \u2013 AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/497c2f5f-ed7d-486e-baf2-aefbe3dc412f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3477632/real-time-auto-find-and-replace"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Supanat Konprom"}], "timeline": [{"time": "2026-02-27T21:31:18.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-04-15T22:04:39.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T14:04:12.740798Z", "id": "CVE-2026-3369", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:04:23.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3369", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T14:04:12.740798Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T14:04:19.194Z"}}], "cna": {"title": "Better Find and Replace \u2013 AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title", "credits": [{"lang": "en", "type": "finder", "value": "Supanat Konprom"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "codesolz", "product": "Better Find and Replace \u2013 AI-Powered Suggestions", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.7.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-27T21:31:18.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-04-15T22:04:39.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/497c2f5f-ed7d-486e-baf2-aefbe3dc412f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3477632/real-time-auto-find-and-replace"}], "descriptions": [{"lang": "en", "value": "The Better Find and Replace \u2013 AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-16T11:21:21.822Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3369", "state": "PUBLISHED", "dateUpdated": "2026-04-16T14:04:23.811Z", "dateReserved": "2026-02-27T21:16:05.738Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-04-16T11:21:21.822Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Better Find and Replace \u2013 AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2026-3369", "lastModified": "2026-04-22T20:22:50.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-04-16T12:16:08.233", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3477632/real-time-auto-find-and-replace"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/497c2f5f-ed7d-486e-baf2-aefbe3dc412f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.9]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Better Find and Replace \u2013 AI-Powered Suggestions", "source": "cna", "vendor": "codesolz"}, "product": "better_find_and_replace_\u2013_ai-powered_suggestions", "vendor": "codesolz"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-17T03:25:13.258805+00:00", "value": {"mitigation_remediation": ["Upgrade the Better Find and Replace \u2013 AI\u2011Powered Suggestions plugin to the latest version (\u22651.8.0) which contains the input sanitization fix.", "If an upgrade is not possible immediately, manually remove or sanitize any image titles that contain suspicious characters by using the plugin\u2019s edit interface or a database query that strips tags from the image_title field.", "Disable the image title functionality or the entire plugin until the upgrade is applied, ensuring no further XSS vectors remain active."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "This issue affects the Better Find and Replace \u2013 AI\u2011Powered Suggestions plugin published by Codesolz. All WordPress sites running a vulnerable version of the plugin, from the original release up to and including 1.7.9, are potentially exposed. Sites that have upgraded to a newer release are not impacted.", "description_and_impact": "The reported vulnerability resides in the image title field of the Better Find and Replace \u2013 AI\u2011Powered Suggestions WordPress plugin. Due to inadequate input sanitization and lack of output escaping, attackers who have author\u2011level or higher privileges can inject arbitrary scripts into the title of an uploaded image. When a user later views a page containing that image, the injected scripts are executed in the context of the site, allowing the attacker to run malicious code on the victim's browser. The flaw aligns with CWE\u201179, which signifies an XSS weakness.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a moderate risk. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting current exploitation evidence is limited. Nonetheless, the flaw requires only an authenticated author or higher account, a role commonly granted to content editors, making the attack vector readily achievable through legitimate plugin usage. The absence of a publicly released exploit does not reduce the need for remediation, as the stored XSS can be leveraged to compromise site visitors."}}}}, "created": "2026-04-16T18:58:37.030895+00:00", "updated": "2026-04-17T03:30:08.595194+00:00", "vendors": ["codesolz", "codesolz$PRODUCT$better_find_and_replace_\u2013_ai-powered_suggestions", "wordpress", "wordpress$PRODUCT$wordpress"]}