Really Simple Security logo

Log out
Get PRO

String locator

  • String locator on WordPress.org
  • Current version: 2.6.7
  • Last update: January 15, 2025
  • Known issues: Fixed
InstaWP has launched a new tool called String Locator that allows developers to easily search through their themes, plugins, or even WordPress core to find a specific piece of text that appears hardcoded into the files. The tool presents a list of files, the matched text, and the line of the file that matched the search, allowing developers to quickly make edits directly in their browser. A consistency check is performed by default when making edits to files to reduce the risk of breaking the site.

This information is sourced from wpvulnerabilities.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Submit

Vulnerabilities

  • Input validation vulnerability in String locator 2.6.6

    Fixed

    A plugin called String locator for WordPress has a security issue where untrusted information can be used to inject a harmful piece of code. This can be done by taking advantage of a function called ...

    Read More

  • Input validation vulnerability in String locator 2.6.5

    Fixed

    The String locator plugin for WordPress has a security issue that could allow hackers to inject harmful code into web pages. This can happen if a user is tricked into clicking on a link. This vulnera...

    Read More

  • Output validation vulnerability in String locator 2.5.0

    Fixed

    The String Locator plugin for WordPress has a security issue in versions up to 2.5.0. It can be exploited by unauthenticated users to call files using a PHAR wrapper. This would require a site adminis...

    Read More

  • Access violation vulnerability in String locator 2.5.0

    Fixed

    The String locator WordPress plugin before version 2.5.0 had a security issue which allowed people with higher levels of privilege

    Read More