[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYeYkpw26PLFFZSuJh_AUERG8w1H6PsF1TQ3F7Tf0SBo":3,"$feYiggAzTDwh7ZXaOQcftEGjd7BLKl2QAVDIYfNC2DXk":385,"$fWYxHDFsk-vvCT1Hhlx1DXRPz8USBCR-P2vCGz5cxSds":806},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"pending_findings":33,"architectural_amplifiers":37,"vulnerabilities":40,"developer":75,"crawl_stats":46,"alternatives":83,"analysis":184,"fingerprints":354},"better-search-replace","Better Search Replace","1.4.10","WP Engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpengine\u002F","\u003Cp>When moving your WordPress site to a new domain or server, you will likely run into a need to run a search\u002Freplace on the database for everything to work correctly. Fortunately, there are several plugins available for this task, however, all have a different approach to a few key features. This plugin consolidates the best features from these plugins, incorporating the following features in one simple plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Serialization support for all tables\u003C\u002Fli>\n\u003Cli>The ability to select specific tables\u003C\u002Fli>\n\u003Cli>The ability to run a “dry run” to see how many fields will be updated\u003C\u002Fli>\n\u003Cli>No server requirements aside from a running installation of WordPress\u003C\u002Fli>\n\u003Cli>WordPress Multisite support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Time-saving features available in the Pro version:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View exactly what changed during a search\u002Freplace\u003C\u002Fli>\n\u003Cli>Backup and import the database while running a search\u002Freplace\u003C\u002Fli>\n\u003Cli>Priority email support from the developer of the plugin\u003C\u002Fli>\n\u003Cli>Save or load custom profiles for quickly repeating a search\u002Freplace in the future\u003C\u002Fli>\n\u003Cli>Support and updates for 1 year\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fbettersearchreplace.com\u002F\" rel=\"nofollow ugc\">Learn more about Better Search Replace Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The search and replace functionality is heavily based on interconnect\u002Fit’s great and open-source Search Replace DB script, modified to use WordPress native database functions to ensure compatibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Feel free to open an issue or submit a pull request on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdeliciousbrains\u002Fbetter-search-replace\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","A simple plugin to update URLs or other text in a database.",1000000,17424627,86,541,"2025-12-08T17:21:00.000Z","6.9.4","3.0.1","",[20,21,22,23,24],"search-and-replace","search-replace","search-replace-database","update-database-urls","update-live-url","https:\u002F\u002Fbettersearchreplace.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.10.zip",61,2,0,"2024-01-24 00:00:00","2026-04-16T10:56:18.058Z","pending_disclosure",{"critical":29,"high":29,"medium":34,"low":35,"total":36},3,5,8,{"high":38,"medium":39,"low":29,"total":35},1,4,[41,59],{"id":42,"url_slug":43,"title":44,"description":45,"plugin_slug":4,"theme_slug":46,"affected_versions":47,"patched_in_version":48,"severity":49,"cvss_score":50,"cvss_vector":51,"vuln_type":52,"published_date":30,"updated_date":53,"references":54,"days_to_patch":56,"patch_diff_files":57,"patch_trac_url":46,"research_status":46,"research_verified":58,"research_rounds_completed":29,"research_plan":46,"research_summary":46,"research_vulnerable_code":46,"research_fix_diff":46,"research_exploit_outline":46,"research_model_used":46,"research_started_at":46,"research_completed_at":46,"research_error":46,"poc_status":46,"poc_video_id":46,"poc_summary":46,"poc_steps":46,"poc_tested_at":46,"poc_wp_version":46,"poc_php_version":46,"poc_playwright_script":46,"poc_exploit_code":46,"poc_has_trace":58,"poc_model_used":46,"poc_verification_depth":46},"CVE-2023-6933","better-search-replace-unauthenticated-php-object-injection","Better Search Replace \u003C= 1.4.4 - Unauthenticated PHP Object Injection","The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",null,"\u003C=1.4.4","1.4.5","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2024-07-29 21:36:48",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=api-prod",188,[],false,{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":46,"affected_versions":64,"patched_in_version":65,"severity":49,"cvss_score":66,"cvss_vector":67,"vuln_type":68,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73,"patch_diff_files":74,"patch_trac_url":46,"research_status":46,"research_verified":58,"research_rounds_completed":29,"research_plan":46,"research_summary":46,"research_vulnerable_code":46,"research_fix_diff":46,"research_exploit_outline":46,"research_model_used":46,"research_started_at":46,"research_completed_at":46,"research_error":46,"poc_status":46,"poc_video_id":46,"poc_summary":46,"poc_steps":46,"poc_tested_at":46,"poc_wp_version":46,"poc_php_version":46,"poc_playwright_script":46,"poc_exploit_code":46,"poc_has_trace":58,"poc_model_used":46,"poc_verification_depth":46},"CVE-2022-2593","better-search-replace-authenticated-administrator-sql-injection","Better Search Replace \u003C= 1.4 - Authenticated (Administrator+) SQL Injection","The plugin Better Search Replace for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to lack of sanitization of user input in the construction of a database query. This makes it possible for authenticated attackers with administrator-level accounts to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.4","1.4.1",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2022-08-01 00:00:00","2024-01-22 19:56:02",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbd2f495e-63fd-49e4-9d6b-320ed007dacb?source=api-prod",540,[],{"slug":76,"display_name":7,"profile_url":8,"plugin_count":77,"total_installs":78,"avg_security_score":79,"avg_patch_time_days":80,"trust_score":81,"computed_at":82},"wpengine",16,3525410,91,831,73,"2026-05-19T21:14:15.042Z",[84,101,124,145,167],{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":29,"downloaded":92,"rating":93,"num_ratings":38,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":99,"download_link":100,"security_score":93,"vuln_count":29,"unpatched_count":29,"last_vuln_date":46,"fetched_at":31},"quick-search-replace","Quick Search Replace","1.0.0","Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F","\u003Cp>Quick Search Replace provides a user-friendly interface to run comprehensive search and replace operations on your WordPress database. This tool is designed to search through \u003Cstrong>every column\u003C\u002Fstrong> of your selected tables, making it a powerful utility for site migrations (e.g., changing domains or switching to HTTPS).\u003C\u002Fp>\n\u003Cp>It correctly handles serialized data and automatically flushes permalinks after a migration to prevent 404 errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Comprehensive Search:\u003C\u002Fstrong> Performs replacements in all columns of the selected tables.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Serialization Support:\u003C\u002Fstrong> Correctly handles serialized PHP arrays and objects.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select Specific Tables:\u003C\u002Fstrong> You have full control to choose exactly which tables to include in the operation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dry Run:\u003C\u002Fstrong> Perform a “dry run” to see a report of how many database fields would be changed, without making any actual modifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Permalink Flushing:\u003C\u002Fstrong> Automatically flushes WordPress rewrite rules after a live run to ensure your site’s links don’t break.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Multisite Support:\u003C\u002Fstrong> Fully multisite-aware, listing all tables across the network.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>EXTREME WARNING:\u003C\u002Fstrong> This tool is powerful and modifies your database directly. Because it searches every column, it can change sensitive data like user logins, hashed passwords, and post GUIDs if they match your search string. \u003Cstrong>ALWAYS create a full backup of your database before using this tool.\u003C\u002Fstrong>\u003C\u002Fp>\n","A simple and powerful tool to run search and replace queries on your WordPress database, with full serialization and multisite support.",235,100,"2025-09-24T06:12:00.000Z","6.8.5","6.0","8.0",[20,21,22,23,24],"https:\u002F\u002Fdelowerhossain.com\u002Fplugins\u002Fquick-search-replace","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-search-replace.1.0.0.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":16,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":122,"vuln_count":36,"unpatched_count":29,"last_vuln_date":123,"fetched_at":31},"real-time-auto-find-and-replace","Better Find and Replace – AI-Powered Suggestions","1.8.2","CodeSolz","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodesolz\u002F","\u003Ch4>Smart Search, Replace & Media Tool (with AI) for WordPress\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodesolz.net\u002Four-products\u002Fwordpress-plugin\u002Freal-time-auto-find-and-replace\u002F?utm_campaign=wordpress-org-visitor&utm_medium=learn_more_about_dokan&utm_source=WordPress.org\" rel=\"nofollow ugc\">Better Find and Replace\u003C\u002Fa> lets you easily search and replace text, HTML, links and media across your entire WordPress site — no coding needed. Perfect for database cleanup, content updates or post-migration edits.\u003C\u002Fp>\n\u003Cp>Replace text or media in bulk with full support for serialized data, custom tables and dry-run previews. AI-powered suggestions help you rewrite or improve content instantly, making your edits smarter and faster.\u003C\u002Fp>\n\u003Cp>Easily find and replace images using drag-and-drop and auto-regenerate thumbnails. You can also update or add  alt text, captions and metadata with the suggestion of AI for better SEO.\u003C\u002Fp>\n\u003Cp>Want to \u003Cstrong>change content without editing your database\u003C\u002Fstrong>? Use real-time masking to update text, links or HTML before the page loads — instantly and safely.\u003C\u002Fp>\n\u003Cp>Built for developers, agencies and site owners, individual ( everyone ) who want fast, accurate control over their content management system — all in one clean, intuitive interface.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>AI-Powered Suggestions\u003C\u002Fstrong> – Use artificial intelligence (AI) to get smart replacement suggestions, enhancing accuracy and efficiency.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong> – Clean, user-friendly interface designed for effortless navigation and configuration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search and Replace Text\u003C\u002Fstrong> – Find and replace any text across your site, whether in static or dynamic content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search and Replace Ajax\u002FjQuery Content\u003C\u002Fstrong> – Works seamlessly with content loaded via Ajax or jQuery on the frontend.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find and Replace URLs\u003C\u002Fstrong> – Quickly search and replace outdated or incorrect URLs throughout your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Replace Images and Attachment URLs\u003C\u002Fstrong> – Replace image links and attachment URLs site-wide with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Word Masking\u003C\u002Fstrong> – Mask specific words site-wide using flexible find and replace rules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary Find-Replace Rules\u003C\u002Fstrong> – Create live, non-permanent replacements without altering your database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Edit Footer Credit\u003C\u002Fstrong> – Remove or update footer text without modifying HTML or database content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTML Code Replacement\u003C\u002Fstrong> – Replace anything within HTML code blocks, tags, or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Image Replacement\u003C\u002Fstrong> – Replace images instantly during page rendering for dynamic updates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comment Word Filtering\u003C\u002Fstrong> – Automatically find and replace inappropriate words in user-submitted comments.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Language Replacement\u003C\u002Fstrong> – Change words or phrases from one language to another across your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RegEx Supported\u003C\u002Fstrong> – Use regular expressions for complex and pattern-based search and replace operations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTML Tag & Attribute Replacement\u003C\u002Fstrong> – Locate and replace specific HTML tags or attributes throughout your content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightning Fast Database Replace\u003C\u002Fstrong> – High-speed search and replace operations in posts, postmeta, options, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Table Selection\u003C\u002Fstrong> – Choose specific database tables for targeted replacements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dry Run Preview\u003C\u002Fstrong> – See a preview of all replacements before applying them to the database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whole Word Match\u003C\u002Fstrong> – Replace only exact word matches in the database to avoid partial replacements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Serialized Data Support\u003C\u002Fstrong> – Safely search and replace serialized data without breaking structure or integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Serialized Items\u003C\u002Fstrong> – Delete specific items from serialized arrays in the database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Access\u003C\u002Fstrong> – Assign plugin management to specific user roles for better control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg and Page Builder Compatible\u003C\u002Fstrong> – Fully supports real-time replacements inside block editors and builders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Targeted DB Replacement\u003C\u002Fstrong> – Refine search by limiting database replacements to post titles, content, or excerpts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to replace in DB?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Start by generating a report\u003C\u002Fstrong>: Select the \u003Cstrong>Dry Run\u003C\u002Fstrong> option located at the bottom of the settings section.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Review the report\u003C\u002Fstrong>: A modal window will appear, showing the specific rows and data that will be affected by the replacement.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Proceed if satisfied\u003C\u002Fstrong>: If the preview looks accurate and matches what you intend to replace, simply close the report window, uncheck \u003Cstrong>Dry Run\u003C\u002Fstrong>, and click the \u003Cstrong>Find & Replace\u003C\u002Fstrong> button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚠️ Attention:\u003C\u002Fstrong> Please carefully review the dry run report before making any changes. Once replacements are applied to the database, they \u003Cstrong>cannot be undone\u003C\u002Fstrong>. The PRO version includes an undo feature, but it must be installed before performing the replacement.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>✅ Important Tip:\u003C\u002Fstrong> Always run a dry report first to ensure your search term and replacement are correct. If anything looks off, adjust the keyword and repeat the process until the preview shows the desired results.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Database Replacement Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Powerful search and replace in database\u003C\u002Fli>\n\u003Cli>Ultimate solution for search & replace in serialized data & remove item \u003C\u002Fli>\n\u003Cli>Automatic backup of the search and replacement data\u003C\u002Fli>\n\u003Cli>Ultimate easy solution for restore data what you have replaced by mistake\u003C\u002Fli>\n\u003Cli>Ability to check & replace each item separately which going to be replaced in the database\u003C\u002Fli>\n\u003Cli>Bulk Replacement on report’s page, generate by dry run option\u003C\u002Fli>\n\u003Cli>All tables in database\u003C\u002Fli>\n\u003Cli>Search and replace \u003Cstrong>Unicode Characters\u003C\u002Fstrong> \u003Cem>UTF-8  ( e.g: U+0026, REČA )\u003C\u002Fem> in Database\u003C\u002Fli>\n\u003Cli>Additional filtering options in default \u002F custom URLs \u003C\u002Fli>\n\u003Cli>Filter new comments before inserting into Database \u003C\u002Fli>\n\u003Cli>Filter new post before inserting into Database (Good for auto post generation website)\u003C\u002Fli>\n\u003Cli>Special feature to search and replace in \u003Cstrong>large table\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-Time Rendering Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>RegEx supported\u003C\u002Fli>\n\u003Cli>Advance Regex – Powerful code blocks \u002F multi-lines find and replace in real-time (masking) rendering\u003C\u002Fli>\n\u003Cli>Advance Regex – Any (CSS \u002F JS \u002F HTML) code Block find and replacement in real-time (masking) rendering\u003C\u002Fli>\n\u003Cli>Masking on Shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advance filtering options\u003C\u002Fstrong> :-\n\u003Cul>\n\u003Cli>Case insensitive – search and replace case sensitive or insensitive\u003C\u002Fli>\n\u003Cli>Whole Word – search and replace whole word \u003C\u002Fli>\n\u003Cli>Unicode – search and replace Unicode Characters\u003C\u002Fli>\n\u003Cli>Skip posts \u002F page \u002F custom taxonomies etc.. urls\u003C\u002Fli>\n\u003Cli>Skip CSS – External, Internal, Inline\u003C\u002Fli>\n\u003Cli>Skip JavaScript – External, Internal\u003C\u002Fli>\n\u003Cli>Skip pages – if you don’t want to apply rules on any specific page\u003C\u002Fli>\n\u003Cli>Skip posts – if you don’t want to apply rules on any specific posts\u003C\u002Fli>\n\u003Cli>Bypass rule  – keep texts unchanged on specific area with special pattern\u003C\u002Fli>\n\u003Cli>Bypass rule  – keep base links \u002F urls ( post, pages, custom taxonomies etc..) unchanged where find word exists in that URL.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advance Regex – Code blocks \u002F multi lines find and replacement example – (Real-time Rendering)\u003C\u002Fh4>\n\u003Cp>\u003Cem>Find code block and replace with your own or keep blank *replacement field\u003C\u002Fem> to remove code block. Let consider the following CSS code block for replace. Put following\u003Cbr \u002F>\ncode block in find field*\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cstyle media=\"screen\">\n    html { margin-top: 32px !important; }\n    * html body { margin-top: 32px !important; }\n    @media screen and ( max-width: 782px ) {\n        html { margin-top: 46px !important; }\n        * html body { margin-top: 46px !important; }\n    }\n\u003C\u002Fstyle>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>Then put following code block in *Replace\u003C\u002Fem> field to replace the above code block*\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cstyle>\n.site-title a{color: red;}\n\u003C\u002Fstyle>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Join the elite web professionals who enjoy \u003Ca href=\"https:\u002F\u002Fcodesolz.net\u002Four-products\u002Fwordpress-plugin\u002Freal-time-auto-find-and-replace\u002F?utm_source=wordpress.org&utm_medium=README\" rel=\"nofollow ugc\">Better Find And Replace Pro!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>➡️ Basic Documentation To Get Started\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Setup Video Guide – How to install and setup search and replace rules\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FnDv6T72sRfc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 Real-time search and replace\u003C\u002Fp>\n\u003Cul>\n\u003Cli>General options for filtering\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.codesolz.net\u002Fbetter-find-and-replace\u002Freal-time-find-replace\u002Fgeneral-options\u002F\" rel=\"nofollow ugc\">Live Demo & Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Advance options for filtering\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.codesolz.net\u002Fbetter-find-and-replace\u002Freal-time-find-replace\u002Fadvance-filters\u002F\" rel=\"nofollow ugc\">Live Demo & Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 Search and replace in Database\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.codesolz.net\u002Fbetter-find-and-replace\u002Fsearch-replace-in-database\u002F\" rel=\"nofollow ugc\">Live Demo & Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Find and replace in Database tables\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.codesolz.net\u002Fbetter-find-and-replace\u002Fsearch-replace-in-database\u002Ffind-and-replace-in-tables\u002F\" rel=\"nofollow ugc\">Live Demo & Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Find and replace in Database URLs\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.codesolz.net\u002Fbetter-find-and-replace\u002Fsearch-replace-in-database\u002Ffind-and-replace-urls\u002F\" rel=\"nofollow ugc\">Live Demo &  Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Forum and Feature Request\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Ch4>For Quick Support, feature request and bug reporting\u003C\u002Fh4>\n\u003Cul>\n\u003Cli> Visit our website \u003Ca href=\"https:\u002F\u002Fcodesolz.net\u002F?utm_source=wordpress.org&utm_medium=README&utm_campaign=real-time-auto-find-and-replace\" rel=\"nofollow ugc\">To Get Instant Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli> For more dedicated support or feature request write to us at \u003Ca href=\"mailto:support@codesolz.net\" rel=\"nofollow ugc\">support@codesolz.net\u003C\u002Fa> or create a ticket \u003Ca href=\"http:\u002F\u002Fsupport.codesolz.net\u002Fpublic\u002Fcreate-ticket\" rel=\"nofollow ugc\"> Support Center\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Visit our forum to share your experience or request features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli> Visit our \u003Ca href=\"https:\u002F\u002Fcodesolz.net\u002Fforum\u002F?utm_source=wordpress.org&utm_medium=README&utm_campaign=real-time-auto-find-and-replace\" rel=\"nofollow ugc\">forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>As it’s open source, check our github development Status\u003C\u002Fh4>\n\u003Cul>\n\u003Cli> Check development status or issues in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FCodeSolz\u002Freal-time-auto-find-and-replace\" rel=\"nofollow ugc\"> github.com\u002FCodeSolz\u002Freal-time-auto-find-and-replace \u003C\u002Fa>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n","Search and replace text, images, URLs, footer credits, code blocks or jQuery-Ajax content in real time or in Database, easy user-interface",50000,1266470,92,168,"2026-03-22T19:17:00.000Z","5.2","7.2",[117,118,119,20,21],"database","replace","search","https:\u002F\u002Fcodesolz.net\u002Four-products\u002Fwordpress-plugin\u002Freal-time-auto-find-and-replace\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freal-time-auto-find-and-replace.1.8.2.zip",88,"2026-04-15 22:04:39",{"slug":125,"name":126,"version":65,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":16,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":143,"vuln_count":38,"unpatched_count":38,"last_vuln_date":144,"fetched_at":31},"update-urls","Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links","KaizenCoders","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaizencoders\u002F","\u003Ch4>Important Note\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>This plugin is a fork of a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvelvet-blues-update-urls\u002F#description\" rel=\"ugc\">Velvet Blues Update URLS\u003C\u002Fa>. Since, Velvet Blues Update URLS plugin is not actively maintained and not tested with the latest version of WordPress, We decided to maintain and continue to improve.\u003C\u002Fp>\n\u003Cp>So, if you are already using Velvet Blues Update URLS plugin, simply download this plugin and start using it.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you move your WordPress website to a new domain name, you will find that internal links to pages and references to images are not updated. Instead, these links and references will point to your old domain name. This plugin fixes that problem by helping you change old urls and links in your website.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>👉 Users can choose to update links embedded in content, excerpts, or custom fields\u003C\u002Fli>\n\u003Cli>👉 Users can choose whether to update links for attachments\u003C\u002Fli>\n\u003Cli>👉 View how many items were updated\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Time-Saving Features in Update URLs PRO\u003C\u002Fh3>\n\u003Cp>Upgrade to PRO and unlock powerful tools designed to give you complete control, safety, and efficiency while performing database search & replace operations.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>👉 \u003Cstrong>Select Specific Tables for Search\u002FReplace\u003C\u002Fstrong>\u003Cbr \u002F>\n  Choose exactly which WordPress database tables you want to update. No unnecessary changes — only modify what truly matters.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Perform a Safe Dry Run\u003C\u002Fstrong>\u003Cbr \u002F>\n  Preview the changes before applying them. The Dry Run feature shows exactly what will be updated, helping you avoid costly mistakes.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Choose Which Results to Apply\u003C\u002Fstrong>\u003Cbr \u002F>\n  After running a Dry Run, you can either apply all changes or selectively execute specific search\u002Freplace results. Full precision. Full control.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>One-Click Database Export & Import\u003C\u002Fstrong>\u003Cbr \u002F>\n  Always backup before making database changes — and now you can do it instantly. PRO includes a built-in one-click database backup and restore feature, so you’re always protected.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Complete Search\u002FReplace History\u003C\u002Fstrong>\u003Cbr \u002F>\n  Keep track of every operation performed. View detailed history logs to monitor changes and maintain accountability.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>One-Click Undo (Rollback)\u003C\u002Fstrong>\u003Cbr \u002F>\n  Made a mistake? No problem. Instantly undo or roll back a search\u002Freplace operation with a single click.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Save & Load Custom Profiles\u003C\u002Fstrong>\u003Cbr \u002F>\n  Frequently repeat the same search\u002Freplace tasks? Save custom profiles and reload them anytime to streamline recurring workflows.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Priority Email Support and updates\u003C\u002Fstrong>\u003Cbr \u002F>\n  Your success matters to us. PRO users receive priority support and ongoing updates to ensure a smooth and reliable experience.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fkaizencoders.com\u002Fupdate-urls\" rel=\"nofollow ugc\">Update URLs PRO\u003C\u002Fa> is built for developers, agencies, and site owners who want speed, safety, and total confidence while managing their WordPress database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Update URLs, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fupdate-urls\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdate-urls\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdate-urls\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Update URLs easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Furl-shortify\u002F\" rel=\"ugc\">URL Shortify\u003C\u002Fa> – Simple, Powerful and Easy URL Shortener Plugin For WordPress.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>URL Shortify helps you beautify, manage, and share any URL on or off of your WordPress website. Create links that look how you want using your domain name! It’s a Simple, Easy & Elegant self hosted alternative to Bitly, TinyURL, Cuttly, Pretty Links, URL Shortener By My Theme Shop, Rebrandly, BL.Link, Short.io, and many other SaaS URL Shortener services.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsocial-linkz\u002F\" rel=\"ugc\">Social Linkz\u003C\u002Fa> – Lightweight and fast social media sharing plugin\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Easily place social share icon on your posts, pages etc..\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Futilitify\u002F\" rel=\"ugc\">Utilitify\u003C\u002Fa> – Supercharge Your WordPress Site With Power Pack WordPress Utilities\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>It’s a simple & neat plugin which helps you to customize your WordPress setup in a very elegant way.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flogify\u002F\" rel=\"ugc\">Logify\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Logify is a comprehensive logging and monitoring plugin for WordPress that helps you keep track of various activities and events on your website. It provides detailed logs of user actions, system events, and errors, allowing you to monitor and troubleshoot your site effectively.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmagic-link\u002F\" rel=\"ugc\">Magic Link\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Magic Link is a passwordless authentication plugin for WordPress that allows users to log in securely via email links. It eliminates the need for traditional passwords, enhancing both security and user convenience.\u003C\u002Fp>\n\u003Cp>With Magic Link, users simply enter their email address, receive a unique login link, and gain instant access to their accounts. This plugin is perfect for improving user experience while maintaining strong security standards.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Quick and Easy way to search all URLS, Content and replace them with new links and content in WordPress website.",20000,236888,94,23,"2026-02-21T06:55:00.000Z","5.0.0","5.6",[139,140,20,21,125],"change-links","migration","https:\u002F\u002Fkaizencoders.com\u002Fupdate-urls","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-urls.1.4.1.zip",78,"2026-01-30 00:00:00",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":155,"num_ratings":156,"last_updated":157,"tested_up_to":16,"requires_at_least":158,"requires_php":159,"tags":160,"homepage":162,"download_link":163,"security_score":164,"vuln_count":165,"unpatched_count":38,"last_vuln_date":166,"fetched_at":31},"cm-on-demand-search-and-replace","CM Search And Replace – Optimize content edits with a powerful search and replace tool","1.5.5","CreativeMindsSolutions","https:\u002F\u002Fprofiles.wordpress.org\u002Fcreativemindssolutions\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fpurchase-cm-on-demand-search-and-replace-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Pro Plugin Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.videolessonsplugin.com\u002Fvideo-lesson\u002Flesson\u002Fsearch-replace-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Videos\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Fcreativeminds.helpscoutdocs.com\u002Fcategory\u002F282-search-and-replace-cmsr\" rel=\"nofollow ugc\">User Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use our WordPress Search and Replace plugin to perform live search\u002Freplace operations on words, phrases, and HTML within your WordPress site’s content, without altering the underlying database.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>⭐ \u003Cem>We’re excited to present the renewed version of CM Search and Replace! Featuring a brand-new, intuitive design, the plugin is now more user-friendly than ever, making it easier to create and manage your search and replace rules with precision.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>With this powerful WordPress find replace plugin, you’ll be able to modify the content of posts, pages, comments, titles, and excerpts just before they are displayed on the front end without any need to make changes to the WordPress database.\u003C\u002Fp>\n\u003Cp>This WordPress plugin generates dynamic rules that enable consistent replacement of HTML and text generated not only by your page content but also plugins before a page is loaded to a user’s browser.\u003C\u002Fp>\n\u003Ch3>Search Replace Premium Edition\u003C\u002Fh3>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fpurchase-cm-on-demand-search-and-replace-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Search and Replace Plugin Premium edition\u003C\u002Fa> includes even more powerful features, such as: store search and replace changes to databse, log all changes made, regex support, time based search and replace rules and much more.\u003C\u002Fp>\n\u003Ch3>Search Replace Plugin Introduction Video (Pro Version)\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F124893784\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>WordPress Search Replace Plugin Use-Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Profanity Filter\u003C\u002Fstrong> – Our WordPress plugin gives you the ability to censor bad words posted in comments, content generated by plugins, as well as pages or posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTML Replacement\u003C\u002Fstrong> – Replace HTML code on the fly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Replacement\u003C\u002Fstrong> – Replace images on the fly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Schedule Content\u003C\u002Fstrong> – Schedule content changes for particular dates or durations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Changes\u003C\u002Fstrong> – Make permament changes to the content in the database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Log Changes\u003C\u002Fstrong> – Log all changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WordPress Search Replace Plugin Basic Version Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create any number of rules for replacing regular text and html.\u003C\u002Fli>\n\u003Cli>Applies replacement rules that can help in standarizing WordPress posts and pages.\u003C\u002Fli>\n\u003Cli>Performs replacements only locally and doesn’t save them to the database.\u003C\u002Fli>\n\u003Cli>Supports scanning content for case sensitive words.\u003C\u002Fli>\n\u003Cli>Choose if to search and replace content in images URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WordPress Search Replace Plugin Pro Version Features\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fsearch-and-replace-plugin-for-wordpress\u002F#features\" rel=\"nofollow ugc\">Pro Version Detailed Features List\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define search\u002Freplace rules for site and page titles, content, excerpts, link, comments and images.\u003C\u002Fli>\n\u003Cli>Support custom posts types.\u003C\u002Fli>\n\u003Cli>Support Regex rules.\u003C\u002Fli>\n\u003Cli>Support search replace based on timeframes.\u003C\u002Fli>\n\u003Cli>Support search replace only on specific posts.\u003C\u002Fli>\n\u003Cli>Support search replace only on specific post categories, tags or other taxonomies.\u003C\u002Fli>\n\u003Cli>Rules Management – pause, edit, delete and easily change the order of rules.\u003C\u002Fli>\n\u003Cli>Includes log for changes that are made on the fly.\u003C\u002Fli>\n\u003Cli>Includes log for permanent changes in the database.\u003C\u002Fli>\n\u003Cli>Import and export rules.\u003C\u002Fli>\n\u003Cli>Search within rules.\u003C\u002Fli>\n\u003Cli>Frontend widget to turn rules on and off.\u003C\u002Fli>\n\u003Cli>Ensures additional content support for plugins like Yoast, BBPress, WooCommerce, ACF and CM Tooltip Glossary.\u003C\u002Fli>\n\u003Cli>Optionally, commit replacement rules to the database so they will be permanent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Follow Us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fcategory\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Blog\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fcmplugins\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fcreativeminds\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fuser\u002Fcmindschannel\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa> |  \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcmplugins\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Suggested Plugins by CreativeMinds\u003C\u002Fh3>\n\u003Cp>List of all \u003Ca href=\"https:\u002F\u002Fwww.cminds.com\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> by CreativeMinds\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fglossaryplugin.com\u002F\" rel=\"nofollow ugc\">CM Tooltip Glossary\u003C\u002Fa> – Easily creates a Glossary, Encyclopaedia or Dictionary of your website’s terms and shows them as a tooltip in posts and pages when hovering. With many more powerful features.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.downloadmanagerplugin.com\u002F\" rel=\"nofollow ugc\">CM Download Manager\u003C\u002Fa> – Allows users to upload, manage, track and support documents or files in a download directory listing database for others to contribute, use and comment upon.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.answersplugin.com\u002F\" rel=\"nofollow ugc\">CM Answers Plugin\u003C\u002Fa> – A fully-featured WordPress Questions & Answers Plugin that allows you to build multiple discussion forum systems Just like StackOverflow, Yahoo Answers and Quora, Now with MicroPayments and Anonymous posting support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WordPress Search and Replace Plugin Frequently Asked Questions\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Fpurchase-cm-on-demand-search-and-replace-plugin-for-wordpress\u002F#plugin-faq\" rel=\"nofollow ugc\">More FAQ’s\u003C\u002Fa>\u003C\u002Fp>\n","Search and replace words, phrases, and HTML within your website posts and pages.",2000,154301,84,15,"2026-01-29T11:01:00.000Z","5.4.0","5.2.4",[117,161,118,20,21],"find","http:\u002F\u002Fwww.cminds.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-on-demand-search-and-replace.zip",74,6,"2025-08-14 00:00:00",{"slug":168,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":175,"downloaded":176,"rating":93,"num_ratings":177,"last_updated":178,"tested_up_to":179,"requires_at_least":180,"requires_php":137,"tags":181,"homepage":18,"download_link":182,"security_score":183,"vuln_count":29,"unpatched_count":29,"last_vuln_date":46,"fetched_at":31},"slider-revolution-search-replace","Slider Revolution Search Replace","1.0","Dhaval Kasavala","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhavalkasvala\u002F","\u003Cp>Replace url of old domain to new domain for revolution slider only.\u003C\u002Fp>\n","Replace url of old domain to new domain for revolution slider only.",900,41788,7,"2023-08-06T09:11:00.000Z","6.2.9","5.0",[117,21,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslider-revolution-search-replace.zip",85,{"attackSurface":185,"codeSignals":231,"taintFlows":296,"riskAssessment":340,"analyzedAt":353},{"hooks":186,"ajaxHandlers":227,"restRoutes":228,"shortcodes":229,"cronEvents":230,"entryPointCount":29,"unprotectedCount":29},[187,193,197,200,205,208,211,214,217,220,224],{"type":188,"name":189,"callback":190,"file":191,"line":192},"action","after_setup_theme","run_better_search_replace","better-search-replace.php",81,{"type":188,"name":194,"callback":195,"priority":38,"file":196,"line":134},"init","define_ajax","includes\\class-bsr-ajax.php",{"type":188,"name":194,"callback":198,"priority":28,"file":196,"line":199},"do_bsr_ajax",24,{"type":188,"name":201,"callback":202,"file":203,"line":204},"admin_enqueue_scripts","anonymous","includes\\class-bsr-main.php",122,{"type":188,"name":206,"callback":202,"file":203,"line":207},"admin_menu",123,{"type":188,"name":209,"callback":202,"file":203,"line":210},"admin_init",126,{"type":188,"name":212,"callback":202,"file":203,"line":213},"admin_post_bsr_view_details",127,{"type":188,"name":215,"callback":202,"file":203,"line":216},"admin_post_bsr_download_sysinfo",128,{"type":188,"name":218,"callback":202,"file":203,"line":219},"plugin_row_meta",129,{"type":221,"name":222,"callback":202,"file":203,"line":223},"filter","update_footer",132,{"type":221,"name":225,"callback":202,"file":203,"line":226},"admin_footer_text",133,[],[],[],[],{"dangerousFunctions":232,"sqlUsage":238,"outputEscaping":251,"fileOperations":29,"externalRequests":29,"nonceChecks":38,"capabilityChecks":38,"bundledLibraries":295},[233],{"fn":234,"file":235,"line":236,"context":237},"unserialize","includes\\class-bsr-db.php",457,"$unserialized_string = @unserialize( $serialized_string, array('allowed_classes' => false ) );",{"prepared":39,"raw":39,"locations":239},[240,243,246,249],{"file":235,"line":241,"context":242},60,"$wpdb->get_col() with variable interpolation",{"file":235,"line":244,"context":245},114,"$wpdb->get_var() with variable interpolation",{"file":235,"line":247,"context":248},158,"$wpdb->get_results() with variable interpolation",{"file":235,"line":250,"context":248},220,{"escaped":252,"rawEcho":253,"locations":254},26,17,[255,259,261,263,265,267,269,271,273,276,278,280,283,286,288,290,293],{"file":256,"line":257,"context":258},"includes\\class-bsr-admin.php",147,"raw output",{"file":256,"line":260,"context":258},171,{"file":256,"line":262,"context":258},201,{"file":256,"line":264,"context":258},203,{"file":256,"line":266,"context":258},207,{"file":256,"line":268,"context":258},256,{"file":256,"line":270,"context":258},288,{"file":196,"line":272,"context":258},191,{"file":274,"line":275,"context":258},"templates\\bsr-dashboard.php",48,{"file":274,"line":277,"context":258},52,{"file":274,"line":279,"context":258},71,{"file":281,"line":282,"context":258},"templates\\bsr-help.php",62,{"file":284,"line":285,"context":258},"templates\\bsr-search-replace.php",34,{"file":284,"line":287,"context":258},95,{"file":284,"line":289,"context":258},119,{"file":291,"line":292,"context":258},"templates\\bsr-settings.php",42,{"file":294,"line":28,"context":258},"templates\\sidebar.php",[],[297,314,322,332],{"entryPoint":298,"graph":299,"unsanitizedCount":29,"severity":313},"download_sysinfo (includes\\class-bsr-admin.php:278)",{"nodes":300,"edges":310},[301,305],{"id":302,"type":303,"label":304,"file":256,"line":270},"n0","source","$_POST['bsr-sysinfo']",{"id":306,"type":307,"label":308,"file":256,"line":270,"wp_function":309},"n1","sink","echo() [XSS]","echo",[311],{"from":302,"to":306,"sanitized":312},true,"low",{"entryPoint":315,"graph":316,"unsanitizedCount":29,"severity":313},"\u003Cclass-bsr-admin> (includes\\class-bsr-admin.php:0)",{"nodes":317,"edges":320},[318,319],{"id":302,"type":303,"label":304,"file":256,"line":270},{"id":306,"type":307,"label":308,"file":256,"line":270,"wp_function":309},[321],{"from":302,"to":306,"sanitized":312},{"entryPoint":323,"graph":324,"unsanitizedCount":29,"severity":313},"process_search_replace (includes\\class-bsr-ajax.php:101)",{"nodes":325,"edges":330},[326,329],{"id":302,"type":303,"label":327,"file":196,"line":328},"$_REQUEST",110,{"id":306,"type":307,"label":308,"file":196,"line":272,"wp_function":309},[331],{"from":302,"to":306,"sanitized":312},{"entryPoint":333,"graph":334,"unsanitizedCount":29,"severity":313},"\u003Cclass-bsr-ajax> (includes\\class-bsr-ajax.php:0)",{"nodes":335,"edges":338},[336,337],{"id":302,"type":303,"label":327,"file":196,"line":328},{"id":306,"type":307,"label":308,"file":196,"line":272,"wp_function":309},[339],{"from":302,"to":306,"sanitized":312},{"summary":341,"deductions":342},"The \"better-search-replace\" plugin version 1.4.10 exhibits a mixed security posture. On one hand, it demonstrates good practices by having a very limited attack surface with no apparent unprotected entry points and a reasonable percentage of SQL queries using prepared statements. The presence of nonce and capability checks, while minimal, is also a positive sign. However, the static analysis reveals a significant concern with the `unserialize` function, which is a known vector for deserialization vulnerabilities if not handled with extreme caution and strict validation of the serialized data. The taint analysis, while showing no critical or high severity flows, doesn't completely alleviate the risk associated with `unserialize` as it might not cover all potential exploitation scenarios.\n\nThe plugin's vulnerability history is a more concerning aspect. It has a history of two High severity CVEs, specifically related to \"Deserialization of Untrusted Data\" and \"SQL Injection.\" Although currently unpatched, the fact that these vulnerabilities have occurred indicates a recurring need for careful code auditing, especially concerning data handling and database interactions. The most recent vulnerability was in January 2024, suggesting that security issues are not entirely in the distant past. While the current version's static analysis doesn't show immediate critical flaws, the historical pattern, particularly around deserialization and SQL injection, warrants a cautious approach. Therefore, while the plugin has some strengths in its design regarding attack surface, the presence of a dangerous function and a history of significant vulnerabilities necessitate vigilance.",[343,346,349,351],{"reason":344,"points":345},"Dangerous function: unserialize detected",10,{"reason":347,"points":348},"High severity CVEs in history",20,{"reason":350,"points":35},"SQL queries not always prepared",{"reason":352,"points":39},"Output escaping not fully proper","2026-03-16T16:57:19.557Z",{"wat":355,"direct":365},{"assetPaths":356,"generatorPatterns":360,"scriptPaths":361,"versionParams":362},[357,358,359],"\u002Fwp-content\u002Fplugins\u002Fbetter-search-replace\u002Fassets\u002Fcss\u002Fbetter-search-replace.css","\u002Fwp-content\u002Fplugins\u002Fbetter-search-replace\u002Fassets\u002Fcss\u002Fjquery-ui.min.css","\u002Fwp-content\u002Fplugins\u002Fbetter-search-replace\u002Fassets\u002Fjs\u002Fbetter-search-replace.js",[],[359],[363,364],"\u002Fwp-content\u002Fplugins\u002Fbetter-search-replace\u002Fassets\u002Fcss\u002Fbetter-search-replace","\u002Fwp-content\u002Fplugins\u002Fbetter-search-replace\u002Fassets\u002Fjs\u002Fbetter-search-replace",{"cssClasses":366,"htmlComments":370,"htmlAttributes":375,"restEndpoints":379,"jsGlobals":382,"shortcodeOutput":384},[367,368,369],"bsr-dashboard-section","bsr-row","bsr-submit",[371,372,373,374],"\u003C!-- The main plugin class that is used to define internationalization,\ndashboard-specific hooks, and public-facing site hooks. -->","\u003C!-- The callback for creating a new submenu page under the \"Tools\" menu. -->","\u003C!-- Trying to show results? -->","\u003C!-- Have results with required fields set with correctly typed data? -->",[376,377,378],"data-search-replace-endpoint","data-nonce","data-page-size",[380,381],"\u002Fwp-json\u002Fbetter-search-replace\u002Fv1\u002Fsearch","\u002Fwp-json\u002Fbetter-search-replace\u002Fv1\u002Freplace",[383],"bsr_object_vars",[],{"success":312,"data":386},{"plugin_slug":4,"plugin_version":387,"generated_at":388,"architecture_md":389,"cross_cutting_amplifiers":390,"diagrams":426},"unknown","2026-05-09 17:53:40","# Better Search Replace (v1.4.10) — Architecture Summary\n\n## Overview\n\nBetter Search Replace is a pure admin-utility WordPress plugin that performs serialization-aware search\u002Freplace operations across all database tables. It has **zero public-facing surface**: no shortcodes, no Gutenberg blocks, no REST routes, and no frontend assets. All functionality is gated behind the WordPress admin panel under `Tools → Better Search Replace`.\n\n## Auth Model\n\nThe plugin uses a two-layer defense-in-depth auth model:\n\n1. **Bootstrap gate** (`bsr_enabled_for_user()` on `after_setup_theme`): The entire plugin — including all hook registrations — is conditionally instantiated only when the current user passes `current_user_can(apply_filters('bsr_capability', 'manage_options'))`. This means unauthenticated or lower-privileged users never see any registered hooks.\n\n2. **Per-handler gate** (`BSR_Utils::check_admin_referer()`): Every write\u002Fdestructive handler additionally verifies both a WordPress nonce (`check_admin_referer()`) and re-checks the capability (`bsr_enabled_for_user()`). **Exception:** `BSR_Admin::load_details()` (admin_post_bsr_view_details) has no explicit nonce or capability check — it relies solely on WordPress core's `admin-post.php` logged-in requirement.\n\nThe `bsr_capability` filter is the single most important extension point and risk: any plugin can hook it to lower the required capability below `manage_options`, exposing full database write access to lower-privileged roles.\n\n## Custom AJAX Transport\n\nThe plugin does not use WordPress's standard `wp-admin\u002Fadmin-ajax.php`. Instead it hooks `init` (priority 1\u002F2) and dispatches on `$_GET['bsr-ajax']`, sanitized via `sanitize_text_field()`. The resolved URL is `\u003Cadmin_url>\u002Ftools.php?page=better-search-replace&bsr-ajax=\u003Caction>`. This fires on every WordPress page load (including frontend) when the parameter is present, though the auth gate prevents exploitation.\n\n## Batch Processing Architecture\n\nThe core operation is a client-driven pagination loop: JavaScript POSTs to the custom AJAX endpoint with incrementing `bsr_step` (table index) and `bsr_page` (row-block offset) until the server responds with `step='done'`. Batch state is persisted in `wp_options['bsr_data']` between calls. The `siteurl` option is specially deferred to avoid mid-run URL breakage.\n\n## Database Access\n\nAll DB access is via `$wpdb`. Table names are validated via `table_exists()` (SHOW TABLES whitelist) and `esc_sql()`. UPDATE queries are constructed by hand using a custom `mysql_escape_mimic()` function rather than `$wpdb->prepare()`. Column names come from `DESCRIBE` output (schema-controlled). The search\u002Freplace strings flow through PHP `str_replace`\u002F`str_ireplace` and are never directly interpolated into SQL.\n\n## Serialization Safety\n\nDeserialization is centralized in `BSR_DB::unserialize()` which enforces `allowed_classes=false` (PHP 7+) or a namespaced polyfill (`BSR\\Brumann\\Polyfill\\Unserialize`) for PHP \u003C 7. This prevents PHP object injection attacks.\n\n## Persistence\n\nThree `wp_options` keys: `bsr_page_size` (config), `bsr_data` (run state including raw search\u002Freplace strings), `bsr_update_site_url` (deferred siteurl). One transient: `bsr_results` (24h TTL, holds per-table stats plus verbatim search\u002Freplace strings). **No uninstall hook** — all options persist after plugin removal.\n\n## No External Dependencies\n\nZero outbound HTTP calls at runtime. No AI integrations. No telemetry. All hardcoded external URLs are static HTML anchor tags only. Updates flow through WordPress.org infrastructure.\n\n## Multisite\n\nDeclared `Network: true`. `bsr_enabled_for_user()` uses `current_user_can()` which evaluates against the current blog's capabilities — a sub-site admin with `manage_options` gains full search\u002Freplace access. No `is_super_admin()` floor is enforced.",[391,400,409,414,419],{"id":392,"title":393,"description":394,"affects":395,"severity_amplification":49},"amp:capability-filter","Filterable capability gate (`bsr_capability`) has no validation floor","The sole authorization control for every plugin feature is `current_user_can(apply_filters('bsr_capability', 'manage_options'))`. Any co-installed plugin or theme can hook `bsr_capability` and return any string (including `'read'`, `''`, or `true`), silently lowering access to the full-database search\u002Freplace engine for all logged-in users or even unauthenticated users. There is no validation of the filtered value and no minimum floor capability enforced.",[396,397,398,399],"ep:ajax:bsr_ajax_process_search_replace","ep:admin-post:bsr_download_sysinfo","ep:admin-post:bsr_view_details","sink:db:arbitrary-table-write",{"id":401,"title":402,"description":403,"affects":404,"severity_amplification":408},"amp:no-uninstall-cleanup","No uninstall hook — sensitive option data persists after plugin removal","No `register_uninstall_hook()`, `register_deactivation_hook()`, or `register_activation_hook()` calls exist. The options `bsr_page_size`, `bsr_data` (may contain plaintext search\u002Freplace strings), and `bsr_update_site_url` (may contain a pending siteurl value) persist indefinitely in `wp_options` after the plugin is deleted.",[405,406,407],"storage:option:bsr_data","storage:option:bsr_update_site_url","storage:option:bsr_page_size","medium",{"id":410,"title":411,"description":412,"affects":413,"severity_amplification":408},"amp:custom-ajax-transport","Custom `init`-hook AJAX channel fires on every page load","The plugin implements its own AJAX transport by hooking `init` (priority 1\u002F2) and reading `$_GET['bsr-ajax']`. This fires on every WordPress request including frontend pages — not just admin requests. Auth checks are entirely delegated to individual handlers; there is no global middleware check at the dispatch layer. The action suffix from `$_GET['bsr-ajax']` is sanitized via `sanitize_text_field()` before dispatch, but auth is handler-responsibility only.",[396],{"id":415,"title":416,"description":417,"affects":418,"severity_amplification":408},"amp:custom-sql-escape","Hand-rolled SQL escaping (`mysql_escape_mimic`) instead of `$wpdb->prepare()`","All UPDATE and WHERE clause values in `BSR_DB::srdb()` are escaped via a custom `mysql_escape_mimic()` function rather than `$wpdb->prepare()`. This function is functionally similar to `mysql_real_escape_string` for common cases but has not been formally audited against multi-byte charset attacks or all edge cases. It is a plugin-wide pattern affecting every database write the plugin performs.",[399],{"id":420,"title":421,"description":422,"affects":423,"severity_amplification":408},"amp:transient-contains-user-data","Transient `bsr_results` stores verbatim user-controlled search\u002Freplace strings","The `bsr_results` transient (24h TTL) stores the raw `search_for` and `replace_with` values supplied by the operator. This transient is read by multiple display paths. Critically, `admin_post_bsr_view_details` reads and renders this transient without any capability or nonce check, exposing its contents to any logged-in WordPress user.",[424,398,425],"storage:transient:bsr_results","sink:html:load_details_table",[427,443,524,586,598,611,678,711,749],{"audience":428,"kind":429,"type":430,"data":431},"public","auth-tier-distribution","pie",{"title":432,"slices":433},"Entry Points by Auth Tier",[434,437,440],{"label":435,"value":39,"style":436},"Admin (manage_options or bsr_capability filter)","tier-admin",{"label":438,"value":38,"style":439},"Logged-in (any WordPress user)","tier-logged-in",{"label":441,"value":29,"style":442},"Unauthenticated","tier-unauth",{"audience":428,"kind":444,"type":445,"data":446},"component-overview","flowchart",{"direction":447,"clusters":448,"nodes":461,"edges":503},"TD",[449,453,457],{"id":450,"label":451,"style":452},"c-admin","WordPress Admin","wp-core",{"id":454,"label":455,"style":456},"c-plugin","Better Search Replace Plugin","plugin",{"id":458,"label":459,"style":460},"c-db","Database Layer","sensitive",[462,468,473,478,482,486,490,495,499],{"id":463,"label":464,"cluster":450,"shape":465,"style":466,"data":467},"n-admin-user","Admin User (manage_options)","round","auth-admin",{},{"id":469,"label":470,"cluster":454,"shape":471,"style":466,"data":472},"n-auth-gate","bsr_enabled_for_user()\nbsr_capability filter","diamond",{},{"id":474,"label":475,"cluster":454,"shape":476,"style":466,"data":477},"n-admin-ui","Admin UI\n(Tools → Better Search Replace)","rect",{},{"id":479,"label":480,"cluster":454,"shape":476,"style":466,"data":481},"n-ajax","Custom AJAX Endpoint\n(bsr-ajax GET param on init hook)",{},{"id":483,"label":484,"cluster":454,"shape":476,"style":466,"data":485},"n-batch","Batch S&R Engine\n(BSR_DB::srdb)",{},{"id":487,"label":488,"cluster":454,"shape":476,"style":466,"data":489},"n-sysinfo","System Info\n(BSR_Compatibility)",{},{"id":491,"label":492,"cluster":458,"shape":493,"style":460,"data":494},"n-wpdb","WordPress $wpdb\n(All DB Tables)","cylinder",{},{"id":496,"label":497,"cluster":458,"shape":493,"style":460,"data":498},"n-options","wp_options\n(bsr_data, bsr_page_size,\nbsr_update_site_url)",{},{"id":500,"label":501,"cluster":458,"shape":493,"style":460,"data":502},"n-transient","bsr_results transient\n(24h TTL)",{},[504,507,509,512,514,516,518,520,522],{"from":463,"to":469,"label":505,"style":506},"every request","auth",{"from":469,"to":474,"label":508,"style":506},"allowed",{"from":474,"to":479,"label":510,"style":511},"form submit (jQuery AJAX)","data",{"from":479,"to":483,"label":513,"style":506},"nonce + cap verified",{"from":483,"to":491,"label":515,"style":511},"SELECT \u002F UPDATE",{"from":483,"to":496,"label":517,"style":511},"bsr_data state",{"from":483,"to":500,"label":519,"style":511},"results accumulation",{"from":474,"to":487,"label":521,"style":511},"Help tab render",{"from":487,"to":491,"label":523,"style":511},"get_plugins(), $wpdb->db_version()",{"audience":428,"kind":525,"type":445,"data":526},"data-flow",{"direction":527,"clusters":528,"nodes":542,"edges":571},"LR",[529,533,536,539],{"id":530,"label":531,"style":532},"c-input","User Input","external",{"id":534,"label":535,"style":456},"c-proc","Processing",{"id":537,"label":538,"style":460},"c-storage","Storage",{"id":540,"label":541,"style":456},"c-output","Output",[543,547,551,555,559,563,567],{"id":544,"label":545,"cluster":530,"shape":476,"style":466,"data":546},"n-form","Search\u002FReplace Form\n(search_for, replace_with,\nselect_tables, flags)",{},{"id":548,"label":549,"cluster":534,"shape":476,"style":466,"data":550},"n-parse","parse_str(bsr_data)\nstripslashes \u002F absint \u002F trim",{},{"id":552,"label":553,"cluster":534,"shape":476,"style":460,"data":554},"n-srdb","BSR_DB::srdb()\ntable_exists + esc_sql\nrecursive_unserialize_replace\nmysql_escape_mimic",{},{"id":556,"label":557,"cluster":537,"shape":493,"style":460,"data":558},"n-bsr-data","wp_options['bsr_data']\n(raw args, multi-step)",{},{"id":560,"label":561,"cluster":537,"shape":493,"style":460,"data":562},"n-results","bsr_results transient\n(stats + search strings)",{},{"id":564,"label":565,"cluster":537,"shape":493,"style":460,"data":566},"n-tables","All DB Tables\n(user-selected)",{},{"id":568,"label":569,"cluster":540,"shape":476,"style":466,"data":570},"n-ui-out","Admin UI Result Display\n(esc_html \u002F esc_attr applied)",{},[572,574,576,578,580,582,584],{"from":544,"to":548,"label":573,"style":511},"POST bsr_data",{"from":548,"to":552,"label":575,"style":511},"validated args",{"from":548,"to":556,"label":577,"style":511},"update_option",{"from":556,"to":552,"label":579,"style":511},"resume (step > 0)",{"from":552,"to":564,"label":515,"style":581},"bulk",{"from":552,"to":560,"label":583,"style":511},"append_report",{"from":560,"to":568,"label":585,"style":511},"render_result \u002F load_details",{"audience":428,"kind":587,"type":430,"data":588},"external-dependencies",{"title":589,"slices":590},"External Dependency Types",[591,594,596],{"label":592,"value":34,"style":593},"WordPress Core (jQuery, jQuery UI, Thickbox)","tier-system",{"label":595,"value":38,"style":436},"Bundled PHP Library (brumann\u002Fpolyfill-unserialize)",{"label":597,"value":29,"style":442},"Outbound HTTP APIs",{"audience":599,"kind":600,"type":601,"data":602},"internal","ajax-action-map","tree",{"root":603},{"id":604,"label":605,"children":606},"r-dispatch","BSR_AJAX::do_bsr_ajax() [init priority 2]\ndo_action('bsr_ajax_' + sanitize_text_field($_GET['bsr-ajax']))",[607],{"id":608,"label":609,"children":610},"a-process","bsr_ajax_process_search_replace\n→ BSR_AJAX::process_search_replace()\nAuth: check_admin_referer('bsr_ajax_nonce') + bsr_enabled_for_user()\nSinks: arbitrary-table-write, bsr_data option, bsr_results transient",[],{"audience":599,"kind":612,"type":445,"data":613},"auth-capability-map",{"direction":447,"clusters":614,"nodes":624,"edges":662},[615,618,621],{"id":616,"label":617,"style":460},"c-gate","Auth Gates",{"id":619,"label":620,"style":456},"c-ep","Entry Points",{"id":622,"label":623,"style":460},"c-sink","Sinks",[625,629,633,637,641,645,650,654,658],{"id":626,"label":627,"cluster":616,"shape":471,"style":460,"data":628},"n-filter","apply_filters('bsr_capability',\n'manage_options')\nbetter-search-replace.php:92\nclass-bsr-admin.php:86",{},{"id":630,"label":631,"cluster":616,"shape":471,"style":466,"data":632},"n-bsr-enabled","bsr_enabled_for_user()\ncurrent_user_can($cap)",{},{"id":634,"label":635,"cluster":616,"shape":471,"style":466,"data":636},"n-check-referer","BSR_Utils::check_admin_referer()\ncheck_admin_referer() + bsr_enabled_for_user()\nclass-bsr-utils.php:114",{},{"id":638,"label":639,"cluster":616,"shape":471,"style":466,"data":640},"n-wp-adminpost","admin-post.php\nis_user_logged_in() only\n(WordPress core)",{},{"id":642,"label":643,"cluster":619,"shape":476,"style":466,"data":644},"n-ep-ajax","ep:ajax:bsr_ajax_process_search_replace\nBSR_AJAX::process_search_replace()",{},{"id":646,"label":647,"cluster":619,"shape":476,"style":648,"data":649},"n-ep-details","ep:admin-post:bsr_view_details\nBSR_Admin::load_details()\n[NO nonce\u002Fcap check]","auth-author",{},{"id":651,"label":652,"cluster":619,"shape":476,"style":466,"data":653},"n-ep-sysinfo","ep:admin-post:bsr_download_sysinfo\nBSR_Admin::download_sysinfo()",{},{"id":655,"label":656,"cluster":622,"shape":493,"style":460,"data":657},"n-sink-db","sink:db:arbitrary-table-write\nBSR_DB::srdb() UPDATE",{},{"id":659,"label":660,"cluster":622,"shape":493,"style":460,"data":661},"n-sink-transient","storage:transient:bsr_results\n(search strings + stats)",{},[663,665,667,669,670,672,674,676],{"from":626,"to":630,"label":664,"style":506},"provides cap string",{"from":630,"to":634,"label":666,"style":506},"re-checked inside",{"from":634,"to":642,"label":668,"style":506},"gates",{"from":634,"to":651,"label":668,"style":506},{"from":638,"to":646,"label":671,"style":506},"only gate (logged-in)",{"from":642,"to":655,"label":673,"style":581},"executes batch S&R",{"from":642,"to":659,"label":675,"style":511},"appends results",{"from":646,"to":659,"label":677,"style":511},"reads (no cap check)",{"audience":599,"kind":679,"type":680,"data":681},"custom-tables-er","erd",{"entities":682,"relationships":707},[683,696],{"id":684,"label":685,"attributes":686},"e-wp-options","wp_options (existing)",[687,690,693],{"name":688,"type":689,"primary":312},"option_id","bigint",{"name":691,"type":692,"primary":58},"option_name","varchar — bsr_page_size | bsr_data | bsr_update_site_url",{"name":694,"type":695,"primary":58},"option_value","longtext (serialized for bsr_data)",{"id":697,"label":698,"attributes":699},"e-transient","wp_options (transient bsr_results)",[700,702,704],{"name":691,"type":701,"primary":312},"_transient_bsr_results",{"name":694,"type":703,"primary":58},"serialized array: search_for, replace_with, table_reports",{"name":705,"type":706,"primary":58},"ttl","DAY_IN_SECONDS (86400)",[708],{"from":684,"to":697,"cardinality":709,"label":710},"1..1","stored in same wp_options table",{"audience":599,"kind":712,"type":713,"data":714},"plugin-lifecycle","state",{"initial":715,"states":716,"transitions":731},"idle",[717,719,722,725,728],{"id":715,"label":718,"terminal":58},"Idle — no run in progress",{"id":720,"label":721,"terminal":58},"running","Running — batch S&R active\nbsr_data option populated",{"id":723,"label":724,"terminal":58},"siteurl-pending","Siteurl deferred\nbsr_update_site_url option set",{"id":726,"label":727,"terminal":58},"done","Done — step='done'\nmatch complete",{"id":729,"label":730,"terminal":312},"result-display","Result Display\nbsr_results transient read",[732,735,738,741,743,745,747],{"from":715,"to":720,"label":733,"guard":734},"User submits form (step=0, page=0)","valid nonce + manage_options",{"from":720,"to":720,"label":736,"guard":737},"Batch chunk complete, more remain (step++\u002Fpage++)","valid nonce each call",{"from":720,"to":723,"label":739,"guard":740},"siteurl row encountered in wp_options","dry_run=off",{"from":723,"to":720,"label":742,"guard":18},"continues batch processing",{"from":720,"to":726,"label":744,"guard":18},"All tables\u002Fpages exhausted",{"from":726,"to":729,"label":746,"guard":18},"JS redirects to ?result=true",{"from":720,"to":715,"label":748,"guard":18},"AJAX failure \u002F browser close (bsr_data orphaned)",{"audience":599,"kind":750,"type":445,"data":751},"sink-reachability",{"direction":447,"clusters":752,"nodes":758,"edges":791},[753,756],{"id":754,"label":755,"style":456},"c-auth","Auth Check",{"id":757,"label":623,"style":460},"c-sinks",[759,763,767,771,775,779,783,787],{"id":760,"label":761,"cluster":754,"shape":471,"style":466,"data":762},"n-admin-cap","manage_options\n(default) or bsr_capability\nfiltered capability",{},{"id":764,"label":765,"cluster":754,"shape":471,"style":648,"data":766},"n-loggedin","is_user_logged_in()\n(admin-post.php core gate)",{},{"id":768,"label":769,"cluster":757,"shape":493,"style":460,"data":770},"n-s1","sink:db:arbitrary-table-write\nCRITICAL — all DB tables\nmysql_escape_mimic escaping",{},{"id":772,"label":773,"cluster":757,"shape":493,"style":460,"data":774},"n-s2","sink:db:wp-options-siteurl\nCRITICAL — changes site URL",{},{"id":776,"label":777,"cluster":757,"shape":493,"style":460,"data":778},"n-s3","sink:transient:bsr_results\nMEDIUM — stores search strings\nreadable by logged-in users",{},{"id":780,"label":781,"cluster":757,"shape":476,"style":460,"data":782},"n-s4","sink:html:dashboard_tab_active\nMEDIUM — XSS via $_GET['tab']\nin HTML class= attribute",{},{"id":784,"label":785,"cluster":757,"shape":476,"style":466,"data":786},"n-s5","sink:html:load_tables_select\nLOW — table names unescaped\nin \u003Coption> elements",{},{"id":788,"label":789,"cluster":757,"shape":476,"style":466,"data":790},"n-s6","sink:html:sysinfo_textarea\nLOW — sysinfo unescaped\nin \u003Ctextarea>",{},[792,794,796,798,800,802,804],{"from":760,"to":768,"label":793,"style":581},"via process_search_replace",{"from":760,"to":772,"label":795,"style":511},"via srdb + maybe_update_site_url",{"from":760,"to":776,"label":797,"style":511},"via append_report",{"from":760,"to":780,"label":799,"style":511},"admin page render",{"from":760,"to":784,"label":801,"style":511},"load_tables render",{"from":760,"to":788,"label":803,"style":511},"help tab render",{"from":764,"to":776,"label":805,"style":511},"via load_details (no cap check)",{"slug":4,"current_version":6,"total_versions":345,"versions":807},[808,822,831,839,850,859,872,882,890,913],{"version":6,"download_url":26,"svn_tag_url":809,"released_at":46,"has_diff":312,"diff_files_changed":810,"diff_lines":819,"trac_diff_url":820,"vulnerabilities":821,"is_current":312},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.10\u002F",[811,812,813,814,191,815,816,817,818],"README.md","README.txt","assets\u002Fjs\u002Fbetter-search-replace.min.js","assets\u002Fjs\u002Fbetter-search-replace.min.js.map","includes\u002Fclass-bsr-admin.php","includes\u002Fclass-bsr-ajax.php","includes\u002Fclass-bsr-utils.php","languages\u002Fbetter-search-replace.pot",585,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.7&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.10",[],{"version":823,"download_url":824,"svn_tag_url":825,"released_at":46,"has_diff":312,"diff_files_changed":826,"diff_lines":828,"trac_diff_url":829,"vulnerabilities":830,"is_current":58},"1.4.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.7\u002F",[811,812,191,827,818],"includes\u002Fclass-bsr-db.php",29,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.6&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.7",[],{"version":832,"download_url":833,"svn_tag_url":834,"released_at":46,"has_diff":312,"diff_files_changed":835,"diff_lines":836,"trac_diff_url":837,"vulnerabilities":838,"is_current":58},"1.4.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.6\u002F",[811,812,191,815,827,818],208,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.5&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.6",[],{"version":48,"download_url":840,"svn_tag_url":841,"released_at":46,"has_diff":312,"diff_files_changed":842,"diff_lines":847,"trac_diff_url":848,"vulnerabilities":849,"is_current":58},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.5\u002F",[812,191,827,843,818,844,845,846],"includes\u002Fclass-bsr-main.php","vendor\u002Fbrumann\u002Fpolyfill-unserialize\u002FLICENSE","vendor\u002Fbrumann\u002Fpolyfill-unserialize\u002Fsrc\u002FDisallowedClassesSubstitutor.php","vendor\u002Fbrumann\u002Fpolyfill-unserialize\u002Fsrc\u002FUnserialize.php",294,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.4&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.5",[],{"version":851,"download_url":852,"svn_tag_url":853,"released_at":46,"has_diff":312,"diff_files_changed":854,"diff_lines":855,"trac_diff_url":856,"vulnerabilities":857,"is_current":58},"1.4.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.4\u002F",[812,191,827,818],27,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.3&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.4",[858],{"id":42,"url_slug":43,"title":44,"severity":49,"cvss_score":50,"vuln_type":52,"patched_in_version":48},{"version":860,"download_url":861,"svn_tag_url":862,"released_at":46,"has_diff":312,"diff_files_changed":863,"diff_lines":868,"trac_diff_url":869,"vulnerabilities":870,"is_current":58},"1.4.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.3\u002F",[812,864,865,191,843,866,867,817,818],"assets\u002Fcss\u002Fbetter-search-replace.css","assets\u002Fcss\u002Fbetter-search-replace.min.css","includes\u002Fclass-bsr-plugin-footer.php","includes\u002Fclass-bsr-templates-helper.php",301,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.2&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.3",[871],{"id":42,"url_slug":43,"title":44,"severity":49,"cvss_score":50,"vuln_type":52,"patched_in_version":48},{"version":873,"download_url":874,"svn_tag_url":875,"released_at":46,"has_diff":312,"diff_files_changed":876,"diff_lines":878,"trac_diff_url":879,"vulnerabilities":880,"is_current":58},"1.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.2\u002F",[812,191,815,867,818,877],"templates\u002Fbsr-dashboard.php",272,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4.1&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.2",[881],{"id":42,"url_slug":43,"title":44,"severity":49,"cvss_score":50,"vuln_type":52,"patched_in_version":48},{"version":65,"download_url":883,"svn_tag_url":884,"released_at":46,"has_diff":312,"diff_files_changed":885,"diff_lines":886,"trac_diff_url":887,"vulnerabilities":888,"is_current":58},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4.1\u002F",[812,191,816,827],49,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.4&new_path=%2Fbetter-search-replace%2Ftags%2F1.4.1",[889],{"id":42,"url_slug":43,"title":44,"severity":49,"cvss_score":50,"vuln_type":52,"patched_in_version":48},{"version":891,"download_url":892,"svn_tag_url":893,"released_at":46,"has_diff":312,"diff_files_changed":894,"diff_lines":908,"trac_diff_url":909,"vulnerabilities":910,"is_current":58},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.4\u002F",[812,864,865,895,896,813,814,897,898,899,900,901,902,191,815,903,818,877,904,905,906,907],"assets\u002Fcss\u002Fjquery-ui.min.css","assets\u002Fjs\u002Fbetter-search-replace.js","assets\u002Fsvg\u002Ficon-arrow.svg","assets\u002Fsvg\u002Ficon-checkmark.svg","assets\u002Fsvg\u002Ficon-help.svg","assets\u002Fsvg\u002Ficon-upgrade.svg","assets\u002Fsvg\u002Flogo-bsr.svg","assets\u002Fsvg\u002Fmdb-birds.svg","includes\u002Fclass-bsr-compatibility.php","templates\u002Fbsr-help.php","templates\u002Fbsr-search-replace.php","templates\u002Fbsr-settings.php","templates\u002Fsidebar.php",1662,"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetter-search-replace%2Ftags%2F1.3.4&new_path=%2Fbetter-search-replace%2Ftags%2F1.4",[911,912],{"id":42,"url_slug":43,"title":44,"severity":49,"cvss_score":50,"vuln_type":52,"patched_in_version":48},{"id":60,"url_slug":61,"title":62,"severity":49,"cvss_score":66,"vuln_type":68,"patched_in_version":65},{"version":914,"download_url":915,"svn_tag_url":916,"released_at":46,"has_diff":58,"diff_files_changed":917,"diff_lines":46,"trac_diff_url":46,"vulnerabilities":918,"is_current":58},"1.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetter-search-replace\u002Ftags\u002F1.3.4\u002F",[],[919,920],{"id":42,"url_slug":43,"title":44,"severity":49,"cvss_score":50,"vuln_type":52,"patched_in_version":48},{"id":60,"url_slug":61,"title":62,"severity":49,"cvss_score":66,"vuln_type":68,"patched_in_version":65}]