The WordPress plugin Better Search Replace has a critical vulnerability that hackers are actively exploiting.
That’s what the security experts at Wordfence Intelligence found. The popular WordPress plugin Better Search Replace has over 1 million installs worldwide. The plugin lets site owners run search-and-replace operations directly on the WordPress database, which is typically needed when a site moves to a new domain or server.
CVE-2023-6933
The recently found critical vulnerability CVE-2023-6933 allows unauthenticated PHP object injection through the deserialization of untrusted input. This allows hackers to execute code, access sensitive data, and manipulate or delete files. Ultimately, this could even lead to the shutdown of affected websites.
The vulnerability only produces those consequences when another plugin or theme on the same site contains a so-called Property Oriented Programming (POP) chain, i.e. a set of classes whose magic methods the injected object can trigger.
Other vulnerabilities, such as CVE-2023-25135, could also play a role.
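To illustrate the bug class the article describes (unserialize() on attacker-controlled input reaching a gadget class's magic method) and the standard mitigation, here is an added PHP example; it is not code from Better Search Replace, and the class name, the harmless "gadget" and the serialized string are constructed for illustration.

```php
<?php
// Constructed stand-in for a POP gadget: a class from some other plugin or theme
// whose magic method runs automatically when an object of it is unserialized.
class AuditedGadget {
    public static array $log = [];
    public string $note = '';
    public function __wakeup(): void {
        // In a real POP chain this is where attacker-controlled properties reach
        // file, database or eval-like sinks. Here it only records that it ran.
        self::$log[] = "magic method ran with note={$this->note}";
    }
}

// Constructed serialized input, as it might arrive in an HTTP parameter.
$untrusted = 'O:13:"AuditedGadget":1:{s:4:"note";s:7:"from-me";}';

// Vulnerable pattern: unserialize() on untrusted input with default options.
// PHP instantiates whatever class the string names and fires its magic methods.
function vulnerableRestore(string $input) {
    return unserialize($input);
}

// Hardened pattern: refuse to instantiate any class. Objects come back as
// __PHP_Incomplete_Class, so no __wakeup/__destruct gadget code ever runs.
function hardenedRestore(string $input) {
    return unserialize($input, ['allowed_classes' => false]);
}

// Preferred when you control both ends: JSON cannot carry PHP objects at all.
function safeRestore(string $json): ?array {
    $data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

AuditedGadget::$log = [];
$a = vulnerableRestore($untrusted);
printf("vulnerable: class=%s, gadget invocations=%d\n", get_class($a), count(AuditedGadget::$log));

AuditedGadget::$log = [];
$b = hardenedRestore($untrusted);
printf("hardened:   class=%s, gadget invocations=%d\n", get_class($b), count(AuditedGadget::$log));
```

Run it with `php example.php`: the vulnerable path instantiates AuditedGadget and its magic method fires once, while the hardened path yields a __PHP_Incomplete_Class and the gadget never runs.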
Actively exploited, patch version available
Security experts note that the vulnerability in the popular WordPress plugin is now being actively abused. In 24 hours, as many as 2,500 attacks seeking to exploit this vulnerability were reportedly blocked.
The developers of Better Search Replace have since released version 14.5, which fixes the vulnerability. Users are urged to update to this version as soon as possible.