cleantalk
Vulnerabilities and Security Researches

Search & Replace, 1daf69e73e2c83843daa9fd94f5abd449c12f160

CVE, Research URL

1daf69e73e2c83843daa9fd94f5abd449c12f160

Home page URL

Security reports for Search & Replace

Application

Search & Replace

Published on
May 23, 2024
Research Description
Search &amp; Replace [search-and-replace] < 3.2.2 Search & Replace <= 3.2.1 - Authenticated (Administrator+) SQL injection The Search & Replace plugin for WordPress is vulnerable to SQL Injection via the select_tables parameter in all version up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.2.2.
Status
vulnerable
Previous vulnerability researches
Interactive Medical Drawing of Human Body (CVE-2025-9332) , Oct 11, 2025
Interactive Medical Drawing of Human Body (CVE-2023-53593) , Jun 13, 2026
Interactive Medical Drawing of Human Body (CVE-2022-0388) , Jun 10, 2024
New vulnerability
YITH WooCommerce Tab Manager (CVE-2022-44630) , Jun 14, 2026
AI Moderator for BuddyPress (CVE-2023-33999) , Jun 14, 2026
Goal Tracker &#8211; Custom Event Tracking for GA4 (CVE-2023-33999) , Jun 14, 2026
Age Verification Screen for WooCommerce (CVE-2023-33999) , Jun 14, 2026
Time Sheets (CVE-2013-6880) , Jun 14, 2026