Platform
wordpress
Component
real-time-auto-find-and-replace
Fixed in
1.7.8
CVE-2025-9334 describes a limited code injection vulnerability discovered in the Better Find and Replace – AI-Powered Suggestions plugin for WordPress. This flaw allows authenticated attackers, even those with Subscriber-level access, to execute arbitrary plugin functions due to insufficient input validation within the 'rtafar_ajax' function. The vulnerability impacts versions 1.0.0 through 1.7.7, and a patch is available in version 1.7.8.
The impact of CVE-2025-9334 depends on which of the plugin's functions an attacker can reach. The injection is 'limited' in the sense that only functions belonging to the plugin can be invoked, not arbitrary PHP, but a find-and-replace plugin's functions by design read and rewrite site content, so calling them at will may let an attacker alter stored content or trigger operations the plugin meant to reserve for administrators. The advisory does not enumerate the reachable functions, so the worst case (chaining into further compromise of the site) cannot be excluded. Because Subscriber-level access is sufficient, any site with open registration, or with a single compromised low-privilege account, is exposed.
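The advisory does not include the affected code, so the following is an added example of the bug class it describes, written for this page rather than taken from the plugin: a WordPress AJAX handler that turns a request parameter into a function name and calls it, beside a hardened version of the same handler. Every identifier here (the example_rtafar_* functions, the 'method' parameter, the nonce name) is hypothetical; the only real name the advisory gives is 'rtafar_ajax', and the plugin's actual action and function names may differ.

```php
<?php
/*
 * Added illustration of the bug class the advisory describes, not the plugin's
 * actual code. All example_rtafar_* names are hypothetical. Any logged-in user,
 * Subscriber included, can reach wp_ajax_* handlers through admin-ajax.php, so
 * the handler itself must enforce nonce, capability and an allowlist.
 */

// Two internal helpers standing in for "plugin functions": one harmless, one not.
function example_rtafar_preview( $params ) {
	$haystack = isset( $params['text'] ) ? (string) $params['text'] : '';
	$needle   = isset( $params['find'] ) ? (string) $params['find'] : '';
	return array( 'matches' => $needle === '' ? 0 : substr_count( $haystack, $needle ) );
}

function example_rtafar_apply( $params ) {
	// Writes to the database: must never be reachable by a Subscriber.
	$find    = isset( $params['find'] ) ? (string) $params['find'] : '';
	$replace = isset( $params['replace'] ) ? (string) $params['replace'] : '';
	$options = array( 'blogname', 'blogdescription' );
	foreach ( $options as $name ) {
		update_option( $name, str_replace( $find, $replace, (string) get_option( $name ) ) );
	}
	return array( 'updated' => $options );
}

// --- Vulnerable pattern: the caller picks the function, nobody checks who the caller is ---
add_action( 'wp_ajax_example_rtafar', 'example_rtafar_ajax_vulnerable' );
function example_rtafar_ajax_vulnerable() {
	$method   = isset( $_POST['method'] ) ? sanitize_key( $_POST['method'] ) : '';
	// The prefix keeps this "limited" to plugin functions, but 'apply' is one of them.
	$callable = 'example_rtafar_' . $method;
	if ( $method !== '' && function_exists( $callable ) ) {
		wp_send_json_success( call_user_func( $callable, wp_unslash( $_POST ) ) );
	}
	wp_send_json_error( 'unknown method', 400 );
}

// --- Hardened pattern: nonce, capability check, explicit allowlist ---
add_action( 'wp_ajax_example_rtafar_secure', 'example_rtafar_ajax_secure' );
function example_rtafar_ajax_secure() {
	// 1. Nonce: the request must come from a page the plugin rendered
	//    (that page embeds wp_create_nonce( 'example_rtafar_nonce' ) as 'nonce').
	check_ajax_referer( 'example_rtafar_nonce', 'nonce' );

	// 2. Capability: site-wide find-and-replace is an administrator operation.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	// 3. Allowlist: map request values to handlers instead of deriving a function name from input.
	$handlers = array(
		'preview' => 'example_rtafar_preview',
		'apply'   => 'example_rtafar_apply',
	);
	$method = isset( $_POST['method'] ) ? sanitize_key( $_POST['method'] ) : '';
	if ( ! isset( $handlers[ $method ] ) ) {
		wp_send_json_error( 'unknown method', 400 );
	}
	wp_send_json_success( call_user_func( $handlers[ $method ], wp_unslash( $_POST ) ) );
}
```

The three checks in the hardened handler are independent: the nonce stops cross-site requests, the capability check stops low-privilege accounts, and the allowlist stops the request from naming a function at all. The vulnerable version fails on all three, which is why a Subscriber can reach the write path.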
CVE-2025-9334 was publicly disclosed on 2025-11-08. At the time of writing there is no indication of active exploitation, the vulnerability is not listed in the CISA KEV catalog, and public proof-of-concept code is not widely available. A handler reachable by any logged-in user with a missing check is easy to weaponize once the fix is diffed, so assume a proof of concept will appear and treat unpatched installations accordingly.
Exploit Status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-9334 is to upgrade the Better Find and Replace – AI-Powered Suggestions plugin to version 1.7.8 or later. If upgrading is not immediately feasible because of compatibility testing, reduce exposure in the meantime: WordPress AJAX handlers such as 'rtafar_ajax' are reached through /wp-admin/admin-ajax.php, so restricting the plugin's AJAX actions to administrators, or deactivating the plugin until it can be updated, closes the path for Subscriber-level accounts, and disabling open user registration (Settings > General, "Anyone can register") removes the easiest way for an attacker to obtain such an account. Neither is a substitute for the patch. Review web-server access logs for POST requests to admin-ajax.php from unexpected sources or at unusual volume; the AJAX action name is normally carried in the POST body, which standard access logs do not record, so a WAF log or application-level logging is needed to attribute requests to this plugin. After upgrading, confirm from the Plugins screen or with WP-CLI that the installed version is 1.7.8 or later rather than replaying an attack payload against production.
Update the Better Find and Replace – AI-Powered Suggestions plugin to version 1.7.8 or later to mitigate the code injection vulnerability. The update corrects the insufficient input validation that allows authenticated attackers to execute arbitrary plugin functions. Make a backup of your website before updating the plugin.
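As an added example (not from the advisory or the plugin) of the temporary restriction suggested above, the following must-use plugin refuses AJAX requests from non-administrators whose action name starts with the plugin's prefix. It assumes the plugin's AJAX actions share the 'rtafar' prefix seen in the vulnerable function name; confirm or adjust the prefix against the add_action( 'wp_ajax_...' ) registrations in the installed plugin before relying on it, and remove the file once the update to 1.7.8 is done.

```php
<?php
/**
 * Plugin Name: Temporary guard for rtafar AJAX actions
 * Description: Compensating control until real-time-auto-find-and-replace is updated to 1.7.8 or later.
 */

// Added illustration, not part of the advisory or the plugin. Save it under
// wp-content/mu-plugins/ so it loads before regular plugins. admin-ajax.php fires
// 'admin_init' before dispatching any wp_ajax_* handler, so hooking it at priority 0
// lets us reject the request before the plugin's handler runs.
add_action( 'admin_init', function () {
	if ( ! wp_doing_ajax() ) {
		return;
	}

	// Assumption: the plugin's AJAX actions begin with 'rtafar'. Adjust if the
	// installed plugin registers its wp_ajax_* hooks under a different name.
	$action = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '';
	if ( $action === '' || strpos( $action, 'rtafar' ) !== 0 ) {
		return;
	}

	// Administrators keep the feature; everyone else (Subscriber and up) is refused.
	if ( current_user_can( 'manage_options' ) ) {
		return;
	}

	// Record the attempt so it can be correlated with the access-log review above.
	$remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	error_log( sprintf(
		'rtafar-guard: blocked AJAX action "%s" for user %d from %s',
		$action,
		get_current_user_id(),
		$remote
	) );
	wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
}, 0 );
```

To check the installed version before and after updating, WP-CLI's `wp plugin get real-time-auto-find-and-replace --field=version` prints the version string from the plugin header; `wp plugin update real-time-auto-find-and-replace` performs the upgrade. The prefix match is deliberately broad, so if the plugin exposes any action that editors legitimately need, they will be blocked too until the guard is removed.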
CVE-2025-9334 is a limited code injection vulnerability in the Better Find and Replace – AI-Powered Suggestions WordPress plugin that lets authenticated users with Subscriber-level access or higher execute arbitrary plugin functions.
You are affected if your WordPress site uses the Better Find and Replace – AI-Powered Suggestions plugin in versions 1.0.0 through 1.7.7.
Upgrade the Better Find and Replace – AI-Powered Suggestions plugin to version 1.7.8 or later to resolve the vulnerability.
There is currently no evidence of active exploitation, but the low privilege level required makes it a likely target.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.