cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forsearch-and-replace search-and-replace

Direction: ascending
Jun 07, 2024

Search & Replace # CVE-2024-0756

CVE, Research URL

CVE-2024-0756

Home page URL

Security reports for Search & Replace

Application

Search & Replace

Date
Jun 04, 2024
Research Description
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.
Affected versions
max 3.2.2.
Status
vulnerable
Jun 15, 2024

Search & Replace # CVE-2024-4145

CVE, Research URL

CVE-2024-4145

Home page URL

Security reports for Search & Replace

Application

Search & Replace

Date
Jun 13, 2024
Research Description
The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).
Affected versions
max 3.2.2.
Status
vulnerable
Jul 15, 2024

Search & Replace # CVE-2024-38759

CVE, Research URL

CVE-2024-38759

Home page URL

Security reports for Search & Replace

Application

Search & Replace

Date
Jul 22, 2024
Research Description
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.
Affected versions
max 3.2.3.
Status
vulnerable
Aug 27, 2024

Search & Replace # PSC-2024-64522

PSC, Research URL

PSC-2024-64522

Home page URL

Security reports for Search & Replace

Application

Search & Replace

Date
Aug 05, 2025
Research Description
With the advent of the Plugin Security Certification (PSC) from CleanTalk, the "Search & Replace" plugin has attained a new level of trust and reliability. This certification underscores the commitment to robust security measures, ensuring the integrity of your WordPress database management.
Affected versions
Min 3.2.3, max 3.2.3.
Status
SAFE & CERTIFIED
Jun 14, 2026

Search & Replace # 1daf69e73e2c83843daa9fd94f5abd449c12f160

CVE, Research URL

1daf69e73e2c83843daa9fd94f5abd449c12f160

Home page URL

Security reports for Search & Replace

Application

Search & Replace

Date
May 23, 2024
Research Description
Search &amp; Replace [search-and-replace] < 3.2.2 Search & Replace <= 3.2.1 - Authenticated (Administrator+) SQL injection The Search & Replace plugin for WordPress is vulnerable to SQL Injection via the select_tables parameter in all version up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.2.2.
Status
vulnerable