CVE-2025-10313: CWE-862 Missing Authorization in jankimoradiya Find And Replace content for WordPress
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the far_admin_ajax_fun() function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that can make privilege escalation and malicious redirects possible.
AI Analysis
Technical Summary
CVE-2025-10313 is a vulnerability classified under CWE-862 (Missing Authorization) in the Find And Replace content for WordPress plugin developed by jankimoradiya. The flaw is in the far_admin_ajax_fun() function, which performs no capability check, so unauthenticated users can invoke it. Because the handler is reachable without authorization, attackers can store arbitrary web scripts in WordPress pages (stored cross-site scripting, XSS) and replace arbitrary site content. Stored XSS can lead to session hijacking, privilege escalation, or redirection of visitors to malicious sites. All plugin versions up to and including 1.1 are affected. The CVSS 3.1 base score is 7.2, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C), with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N). No patches or fixes are currently published, and no exploitation in the wild has been reported. Successful exploitation compromises the confidentiality and integrity of affected sites: attackers can manipulate content, potentially escalate privileges, or conduct phishing through malicious redirects. The vulnerability is particularly dangerous because it requires neither authentication nor user interaction, which makes automated exploitation feasible. The plugin performs content find-and-replace operations within WordPress, a widely adopted CMS, which increases the potential attack surface.
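The missing check described above, shown as an illustrative PHP example added here (this is not the plugin's actual source; the hook names, the nonce name and the POST parameters are assumed). The first handler is the CWE-862 pattern: reachable by anyone when registered on a wp_ajax_nopriv_ hook and storing the replacement string unchecked. The second registers only for logged-in users and gates the rewrite on a capability check, a nonce, and output-safe sanitization.

```php
<?php
// Added illustration, not the jankimoradiya plugin's code. Hook names,
// nonce name and POST parameter names are assumed for the example.

/* ---- Vulnerable pattern (CWE-862): no authorization on the handler ---- */
// Wiring like this makes the handler reachable without any login. Shown for
// contrast only; do not register both:
//   add_action( 'wp_ajax_far_admin_ajax_fun',        'far_admin_ajax_fun_vulnerable' );
//   add_action( 'wp_ajax_nopriv_far_admin_ajax_fun', 'far_admin_ajax_fun_vulnerable' );
function far_admin_ajax_fun_vulnerable() {
    global $wpdb;
    // No current_user_can() and no nonce: any HTTP client can rewrite post
    // content, and the replacement is stored as-is, so <script> persists (stored XSS).
    $find    = wp_unslash( $_POST['find'] );
    $replace = wp_unslash( $_POST['replace'] );
    $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, %s, %s)",
        $find, $replace
    ) );
    wp_send_json_success();
}

/* ---- Hardened form: authenticated, authorized, CSRF-protected, sanitized ---- */
// Logged-in users only: with no wp_ajax_nopriv_ hook, an unauthenticated request
// to admin-ajax.php for this action gets WordPress's default "0" response.
add_action( 'wp_ajax_far_admin_ajax_fun', 'far_admin_ajax_fun_hardened' );

function far_admin_ajax_fun_hardened() {
    global $wpdb;
    // Authorization: only administrators (manage_options) may rewrite site content.
    // wp_send_json_error() terminates the request, so no return is needed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    // CSRF: the nonce must come from wp_create_nonce( 'far_admin_ajax' ) for this
    // user's session; check_ajax_referer() dies with -1 otherwise.
    check_ajax_referer( 'far_admin_ajax', 'security' );

    $find = isset( $_POST['find'] ) ? sanitize_text_field( wp_unslash( $_POST['find'] ) ) : '';
    // wp_kses_post() keeps the HTML an editor may legitimately store and strips
    // <script>, on* handlers and javascript: URLs, so the stored value carries no payload.
    $replace = isset( $_POST['replace'] ) ? wp_kses_post( wp_unslash( $_POST['replace'] ) ) : '';
    if ( '' === $find ) {
        wp_send_json_error( array( 'message' => 'Nothing to find.' ), 400 );
    }
    $rows = $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, %s, %s)",
        $find, $replace
    ) );
    wp_send_json_success( array( 'rows_updated' => (int) $rows ) );
}
```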
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of their web content and user data. Exploitation could lead to unauthorized content manipulation, defacement, or injection of malicious scripts that compromise user sessions or redirect visitors to malicious sites. This could result in data breaches, loss of customer trust, and regulatory penalties under GDPR if personal data is compromised. Organizations relying on WordPress for e-commerce, media, or corporate websites could face operational disruptions and reputational damage. The lack of an authentication requirement and the low attack complexity increase the likelihood of exploitation, especially for publicly accessible websites. Additionally, the scope change means the impact could extend beyond the plugin itself to other components or user privileges within the WordPress environment. The absence of known exploits currently provides a window for proactive mitigation, but the risk remains high because exploitation is easy and the potential impact is large.
Mitigation Recommendations
1. Immediately audit all WordPress installations to identify the presence of the Find And Replace content plugin by jankimoradiya, especially versions up to 1.1.
2. Disable or remove the vulnerable plugin until an official patch or update is released by the vendor.
3. Restrict access to the WordPress admin AJAX endpoint (/wp-admin/admin-ajax.php) via web application firewalls (WAF) or IP whitelisting to limit exposure to unauthenticated requests.
4. Implement strict Content Security Policy (CSP) headers to mitigate the impact of potential XSS attacks by restricting script sources.
5. Monitor web server logs and WordPress activity logs for unusual or unauthorized AJAX requests targeting the vulnerable function.
6. Educate site administrators about the risks of installing plugins from unverified sources and the importance of timely updates.
7. Once a patch is available, apply it promptly and verify the fix through testing.
8. Consider deploying runtime application self-protection (RASP) tools that can detect and block malicious script injections in real time.
9. Regularly back up website content and configurations to enable quick recovery in case of compromise.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-11T23:27:17.039Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ef5c7dc4f69c9730e569c5
Added to database: 10/15/2025, 8:34:05 AM
Last enriched: 10/15/2025, 8:50:33 AM
Last updated: 10/16/2025, 1:13:10 PM