Wordfence's threat intelligence team has detected active exploitation attempts against a critical-severity vulnerability in the WordPress plugin “Better Search Replace.”
Better Search Replace is a WordPress plugin with more than one million installations worldwide. It lets administrators run search-and-replace operations across the site's database, which is the usual way to fix URLs and file paths when a site is moved to a new domain or hosting environment.
Beyond plain text replacement, the plugin handles serialized data correctly (a naive string replacement would break the length prefixes inside serialized PHP arrays and corrupt the options that contain them), supports WordPress Multisite, lets admins restrict the operation to selected tables, and offers a “dry run” mode that reports what would change without writing anything. A free version and a paid Pro version are available.
WP Engine, the plugin's vendor, patched a critical-severity PHP object injection vulnerability, tracked as CVE-2023-6933, last week in version 1.4.5.
The flaw is a deserialization of untrusted input: an unauthenticated attacker can supply a serialized payload that the plugin passes to unserialize(), which instantiates an object of whatever class the payload names. Depending on which classes are loaded on the site, successful exploitation could lead to code execution, disclosure of sensitive data, modification or deletion of files, or denial of service.
PHP object injection typically stems from user input that is not sufficiently validated before it is deserialized. Sanitization, the practice of accepting only the input types the application expects and rejecting everything else, is the usual control; for deserialization specifically, that means never passing untrusted data to unserialize() with arbitrary classes allowed.
According to Wordfence's tracker, Better Search Replace itself contains no gadget chain that the injected object can trigger, so the plugin alone is not directly exploitable for code execution. But if another plugin or theme on the same site provides a suitable property-oriented programming (POP) chain, the vulnerability can be used to execute code, read sensitive data, or delete files.
Exploiting a PHP object injection therefore usually requires a POP chain: one or more classes whose magic methods (such as __destruct() or __wakeup()) perform dangerous operations on attacker-controlled properties once the injected object is instantiated.
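To make the two paragraphs above concrete, here is an added example that is not code from Better Search Replace or WP Engine: a hypothetical plugin function that unserializes a request parameter, a hypothetical gadget class imagined as coming from a second plugin whose __destruct() turns the injection into arbitrary file deletion, and a hardened version of the same function. Every class, function and key name is an assumption made for illustration; the payload is constructed inline so the script runs offline on PHP 7.4 or later.

```php
<?php
// Added example, not the plugin's own code. All names are hypothetical.

// Hypothetical gadget class, imagined as living in some OTHER plugin or theme.
// On its own it is benign: it removes a temp file when the object is destroyed.
class TempFileCleanup {
    public string $path = '';
    public function __destruct() {
        // Once an attacker controls $path via an injected object, this
        // becomes an arbitrary file deletion gadget.
        if ($this->path !== '' && is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// VULNERABLE (hypothetical): options arrive serialized in a request parameter
// and are handed straight to unserialize(), which instantiates any class the
// payload names. This is the shape of bug the article describes.
function load_search_options_vulnerable(string $untrusted): array {
    $opts = unserialize($untrusted);   // object injection point
    return is_array($opts) ? $opts : [];
}

// HARDENED: objects can never come back from the payload, and the result is
// reduced to the scalar keys the feature actually needs.
function load_search_options_hardened(string $untrusted): array {
    $opts = @unserialize($untrusted, ['allowed_classes' => false]);
    if (!is_array($opts)) {
        return [];
    }
    $clean = [];
    foreach (['search', 'replace', 'dry_run'] as $k) {   // assumed option keys
        if (isset($opts[$k]) && is_scalar($opts[$k])) {
            $clean[$k] = $opts[$k];
        }
    }
    return $clean;
}

// Attacker-side payload builder: a plain string, no gadget code needed here.
// strlen("TempFileCleanup") is 15 and strlen("path") is 4.
function attacker_payload(string $path): string {
    return sprintf(
        'a:1:{i:0;O:15:"TempFileCleanup":1:{s:4:"path";s:%d:"%s";}}',
        strlen($path), $path
    );
}

// --- Demonstration with constructed input ---
$victim = tempnam(sys_get_temp_dir(), 'poc');          // file the gadget deletes
load_search_options_vulnerable(attacker_payload($victim));
// The returned array (and the injected object in it) is discarded here, so
// __destruct() runs with the attacker's $path and the file is gone.
var_dump(file_exists($victim));                          // bool(false)

$victim2 = tempnam(sys_get_temp_dir(), 'poc');
$result = load_search_options_hardened(attacker_payload($victim2));
// With allowed_classes => false the object is materialized as
// __PHP_Incomplete_Class: no destructor runs, and the key filter drops it.
var_dump(file_exists($victim2));                         // bool(true)
var_dump($result);                                       // array(0) {}
unlink($victim2);
```

The `allowed_classes` option exists since PHP 7.0; where the data does not need to be a PHP-native structure at all, switching the transport to JSON (`json_decode($untrusted, true)`) removes the object-instantiation path entirely, which is the stronger fix. Note that the hardened function still validates shape afterwards: disabling classes stops the POP chain, but it does not make the rest of the payload trustworthy.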
The vulnerability is under active exploitation: Wordfence reports that it blocked more than 2,500 attack attempts targeting CVE-2023-6933 against its customers' sites in a single 24-hour period.
Better Search Replace versions 1.4.4 and earlier are affected. Users should update to version 1.4.5 or later immediately. Because the plugin itself carries no gadget chain, site owners should also bear in mind that the real-world impact on a given site depends on which other plugins and themes are installed alongside it.
Certera’s WordPress Support Services can help with every aspect of running a website, including managing user accounts, adding custom features, and configuring themes, plugins, and core files. Our qualified experts offer assistance with whatever task you require, including website setup, custom plugin development, malware protection, and performance optimization.