Vulnerabilities and security researches forcm-on-demand-search-and-replace cm-on-demand-search-and-replace

Jun 07, 2024

CVE, Research URL: CVE-2023-28749
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Nov 22, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-31228
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Aug 18, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jul 15, 2024

CVE, Research URL: CVE-2024-5028
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Jul 13, 2024
Research Description: The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Affected versions: Min -, max -.
Status: vulnerable

Nov 27, 2024

CVE, Research URL: CVE-2024-11202
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Nov 26, 2024
Research Description: Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Feb 20, 2025

CVE, Research URL: CVE-2025-24694
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Mar 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Email Registration Blacklist and Whitelist allows Reflected XSS. This issue affects CM Email Registration Blacklist and Whitelist: from n/a through 1.5.5.
Affected versions: Min -, max -.
Status: vulnerable

Aug 16, 2025

CVE, Research URL: CVE-2025-54727
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Aug 15, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-54728
Home page URL: Security reports for CM WordPress Search And Replace Plugin
Application: CM WordPress Search And Replace Plugin
Date: Aug 15, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2.
Affected versions: Min -, max -.
Status: vulnerable