Better Find and Replace – AI-Powered Suggestions

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Better Find and Replace – AI-Powered Suggestions

Information

Software Type	Plugin
Software Slug	real-time-auto-find-and-replace (view on wordpress.org)
Software Status	Active
Software Author	codesolz
Software Website	codesolz.net
Software Downloads	1,336,236
Software Active Installs	40,000
Software Record Last Updated	June 18, 2026

8 Vulnerabilities

Submit a Vulnerability

Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title

5.4

CVE-2026-3369

Apr 15, 2026

Researcher: kai63001

Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection

8.8

CVE-2025-9334

Nov 7, 2025

Researcher: ISMAILSHADOW

Better Find and Replace <= 1.7.7 - Missing Authorization

4.3

CVE-2025-12360

Nov 5, 2025

Researcher: Adrian Lukita

Better Find and Replace <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2025-53466

Sep 22, 2025

Researcher: Nabil Irawan

Better Find and Replace <= 1.6.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

8.8

CVE-2025-24734

Jan 27, 2025

Researcher: Ananda Dhakal

Better Find and Replace <= 1.6.1 - Unauthenticated PHP Object Injection

8.3

CVE-2024-39636

Jul 29, 2024

Researcher: Trinh Vu (Sonicrrrr)

Better Find and Replace <= 1.3.5 - Admin+ SQL Injection

7.2

CVE-2022-1472

May 30, 2022

Researcher: lucy

Better Find and Replace <= 1.2.8 - Reflected Cross-Site Scripting

6.1

CVE-2021-24676

Sep 6, 2021

Researcher: apple502j

Title	Status	CVE ID	CVSS	Researchers	Date
Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title	Patched	CVE-2026-3369	5.4	kai63001	April 15, 2026
Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection	Patched	CVE-2025-9334	8.8	ISMAILSHADOW	November 7, 2025
Better Find and Replace <= 1.7.7 - Missing Authorization	Patched	CVE-2025-12360	4.3	Adrian Lukita	November 5, 2025
Better Find and Replace <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2025-53466	4.4	Nabil Irawan	September 22, 2025
Better Find and Replace <= 1.6.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation	Patched	CVE-2025-24734	8.8	Ananda Dhakal	January 27, 2025
Better Find and Replace <= 1.6.1 - Unauthenticated PHP Object Injection	Patched	CVE-2024-39636	8.3	Trinh Vu (Sonicrrrr)	July 29, 2024
Better Find and Replace <= 1.3.5 - Admin+ SQL Injection	Patched	CVE-2022-1472	7.2	lucy	May 30, 2022
Better Find and Replace <= 1.2.8 - Reflected Cross-Site Scripting	Patched	CVE-2021-24676	6.1	apple502j	September 6, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation