Primary

Context

Better Find and Replace WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Better Find and Replace – AI-Powered Suggestions plugin for WordPress, in all versions through 1.7.7. The issue arises from a missing capability check in the rtafar_ajax() function, allowing authenticated attackers with Subscriber-level access to misuse the OpenAI API key. This unauthorized usage can lead to excessive quota consumption, potentially incurring costs.

Impact

Exploitation of this vulnerability allows for unauthorized usage of the OpenAI API, leading to increased costs for the affected WordPress site.

Remediation

Users can update to version 1.7.8 or a newer patched version to address this vulnerability.

Added: Nov 6, 2025, 8:19 AM

Updated: Nov 6, 2025, 8:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

5.9

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

5.9

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Better Find and Replace WordPress Plugin Missing Authorization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating