cleantalk
Vulnerabilities and Security Researches

Better Find and Replace, CVE-2021-24676

CVE, Research URL

CVE-2021-24676

Home page URL

Security reports for Better Find and Replace

Application

Better Find and Replace

Published on
Oct 04, 2021
Research Description
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.3.4.
Status
vulnerable
Previous vulnerability researches
Better Find and Replace (CVE-2025-24734) , Jan 29, 2025
Better Find and Replace (CVE-2021-24676) , Jun 07, 2024
Better Find and Replace (CVE-2022-1472) , Jun 07, 2024
Better Find and Replace (CVE-2024-39636) , Aug 02, 2024
Better Find and Replace (CVE-2025-12360) , Dec 10, 2025
New vulnerability
Smart Online Order for Clover (CVE-2025-15635) , Apr 17, 2026
Basic Google Maps Placemarks (CVE-2026-3581) , Apr 17, 2026
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more (CVE-2026-40786) , Apr 17, 2026
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2025-9318) , Apr 17, 2026
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2025-9294) , Apr 17, 2026