High Severity Vulnerability in WordPress Real-Time Find and Replace Plugin

Published on 28 Apr 2020

Updated on 28 Apr 2020

Security researchers discovered a high severity vulnerability in the "Real-Time Find and Replace" plugin for WordPress. The plugin has a Cross-Site Request Forgery (CSRF) flaw that leads to Stored Cross-Site Scripting (Stored XSS) attacks. The flaw impacts all versions up to 3.9.

Successful exploitation allows an attacker to perform malicious activities such as creating rogue administrative user accounts, stealing session cookies, or redirecting users to a malicious site.

WordPress site administrators and owners using the affected product are advised to secure their websites by updating to the latest version (4.0.2) immediately.

More information is available at:
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-real-time-find-and-replace-plugin/
https://www.bleepingcomputer.com/news/security/wordpress-plugin-bug-lets-hackers-create-rogue-admin-accounts/