Platform
wordpress
Component
real-time-auto-find-and-replace
Fixed version
1.7.8
CVE-2025-9334 describes a limited code injection vulnerability discovered in the Better Find and Replace – AI-Powered Suggestions plugin for WordPress. This flaw allows authenticated attackers, even those with Subscriber-level access, to execute arbitrary plugin functions due to insufficient input validation within the 'rtafar_ajax' function. The vulnerability impacts versions 1.0.0 through 1.7.7, and a patch is available in version 1.7.8.
The impact of CVE-2025-9334 is significant, as it enables authenticated attackers to execute arbitrary code within the plugin's context. This could allow an attacker to modify site content, steal sensitive data, install malicious plugins, or even gain full control of the WordPress site. The requirement for only Subscriber-level access lowers the barrier to exploitation, increasing the potential attack surface. While the injection is 'limited,' the ability to call arbitrary plugin functions provides a substantial attack vector, particularly if the plugin itself contains vulnerabilities or insecure code.
CVE-2025-9334 was publicly disclosed on 2025-11-08. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Public proof-of-concept exploits are not widely available, but the vulnerability's nature suggests that they are likely to emerge if the plugin remains unpatched on vulnerable systems.
WordPress sites using the Better Find and Replace – AI-Powered Suggestions plugin, particularly those with a large number of users with Subscriber-level or higher access, are at risk. Shared hosting environments where plugin updates are not managed centrally are also particularly vulnerable, as they may be slow to apply the necessary patch.
• wordpress / plugin: Use wp-cli plugin update to check for available updates.
• wordpress / plugin: Search plugin files (e.g., rtafar_ajax.php) for instances of user-supplied data being directly used in function calls without proper sanitization.
• generic web: Monitor WordPress access logs for unusual requests to wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php with potentially malicious parameters.
• generic web: Use curl to test the wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php endpoint with crafted payloads to attempt code execution (only on test environments!).
curl -X POST -d 'param1=system("whoami")' https://your-wordpress-site.com/wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php
Exploit status
EPSS
0.13% (32nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-9334 is to upgrade the Better Find and Replace – AI-Powered Suggestions plugin to version 1.7.8 or later immediately. If upgrading is not immediately feasible because of compatibility issues or testing requirements, consider temporarily restricting access to the 'rtafar_ajax' endpoint. While not a complete fix, this reduces the immediate risk. Monitor WordPress access logs for suspicious activity related to the plugin, specifically requests to the 'rtafar_ajax' endpoint with unusual parameters. After upgrading, confirm the vulnerability is resolved by attempting to trigger the injection with a known payload and verifying that it is blocked.
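As an added example (not code from the advisory or from the plugin), a small Python detector for the access-log monitoring step recommended above and in the detection list: it parses combined-format log lines, flags requests to the handler path the page names, and escalates when a URL-decoded query parameter is shaped like a function call. The handler path is the page's; treating an appearance of rtafar_ajax in a request line as an indicator is an assumption, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Endpoint path as named in the advisory (file name taken from the page as-is).
HANDLER_PATH = "/wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php"
# Function named in the advisory; treating its appearance in a request line as an indicator is an assumption.
VULN_FUNCTION = "rtafar_ajax"

# Apache/nginx "combined" format: ip ident user [time] "METHOD target PROTO" status size "ref" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A parameter value shaped like a PHP function call, e.g. name(...), matched after URL-decoding.
CALL_LIKE = re.compile(r'[A-Za-z_]\w*\s*\(.*\)')

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return (severity, reason) for a parsed entry, or None if it is not aimed at the handler."""
    path, _, query = entry["target"].partition("?")
    if not path.endswith(HANDLER_PATH):
        return None
    decoded = unquote(query)
    if CALL_LIKE.search(decoded):
        return ("alert", f"call-like parameter in query string: {decoded}")
    if VULN_FUNCTION in decoded:
        return ("review", f"{VULN_FUNCTION} referenced in request")
    if entry["method"] == "POST":
        return ("review", "POST to handler; body is not in the access log, inspect at the application layer")
    return ("info", "request to handler path")

def analyze(lines):
    # Unparseable lines are skipped rather than treated as errors.
    findings = []
    for line in lines:
        entry = parse_line(line)
        verdict = classify(entry) if entry else None
        if verdict:
            findings.append({"ip": entry["ip"], "ts": entry["ts"], "severity": verdict[0], "reason": verdict[1]})
    return findings

# Constructed sample lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Nov/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Nov/2025:10:00:02 +0000] "POST /wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [08/Nov/2025:10:00:03 +0000] "GET /wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php?param1=phpinfo%28%29 HTTP/1.1" 200 44 "-" "curl/8.4"',
    '198.51.100.2 - - [08/Nov/2025:10:00:04 +0000] "GET /wp-content/plugins/better-find-and-replace-ai-powered-suggestions/ajax-handler.php?action=rtafar_ajax&term=foo HTTP/1.1" 200 44 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

FINDINGS = analyze(SAMPLE_LOG)  # three findings: review, alert, review
```

Access logs do not record POST bodies, so a POST to the handler can only be triaged here, not judged; pair this with application-level logging if you need to see the submitted parameters.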
Update the Better Find and Replace – AI-Powered Suggestions plugin to version 1.7.8 or later to mitigate the code injection vulnerability. The update fixes the insufficient input validation that allows authenticated attackers to execute arbitrary code. Be sure to back up your website before updating the plugin.
CVE-2025-9334 is a code injection vulnerability affecting the Better Find and Replace – AI-Powered Suggestions WordPress plugin, allowing authenticated users to execute arbitrary plugin functions.
You are affected if your WordPress site uses the Better Find and Replace – AI-Powered Suggestions plugin in versions 1.0.0 through 1.7.7.
Upgrade the Better Find and Replace – AI-Powered Suggestions plugin to version 1.7.8 or later to resolve the vulnerability.
There is currently no evidence of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.