WordPress Vulnerability “Replace Better Search” Affects Up to +1 Million Websites

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5, rated)
Better Search Replace Plugin Vulnerability

Word Fence Intelligence’s security professionals found a malicious activity that intends to take advantage of a critical severity vulnerability in the WordPress plugin “Better Search Replace.”

More than one million popular WordPress plugins and Better Search Replace installations have been installed globally. WordPress could replace databases and do more thorough database searches when websites are moved to other domains and servers with this plugin.

Better Search Replace WordPress Plugin

Better Search Replace is a WordPress plugin that has been installed over a million times, and it makes database searches and task replacement easier when moving websites to various domains or hosting settings.

With its enhanced Search and replace feature, the plugin offers a practical way to handle databases effectively. It also has a dynamic real-time text/word replacement function.

It offers selective replacement choices, supports WordPress Multisite, and a “dry run” option to ensure everything functions well. Admins can utilize it to search for and replace a particular text in the database or handle serialized data. A free and a paid Pro version of the plugin are available.

Key Features Include:

  • Replace any text by searching for it.
  • Look up and swap out attachment URLs, pictures, etc.
  • Without modifying the database, create temporary find-replace rules.
  • Remove or modify the footer credit without affecting the database or HTML code.
  • Utilizing jQuery and Ajax, search and replace the loaded text.
  • Find URLs and replace them. etc,

Pro Features Include:

  • robust database search and replacement capabilities.
  • The best way to search, replace, and remove items from serialized data.
  • Automated backup of the replacement and search data.
  • The most straightforward approach to recover data that you unintentionally replaced.
  • Possibility of individually checking and replacing every item that will be changed in the database. etc,

PHP Object Injection Vulnerability

WP Engine, the plugin provider, patched a critical-severity PHP object injection vulnerability, identified as CVE-2023-6933, last week with version 1.4.5.

Unauthenticated attackers can inject a PHP object due to a security flaw in the deserialization of untrusted input. If successful, exploitation might result in the execution of code, access to private information, the alteration or removal of files, and a generation of an infinite loop denial of service issue.

The website’s security can be jeopardized, or arbitrary code might be executed if an attacker can upload (inject) input with a serialized object. User input that needs to be sufficiently sanitized is typically the source of this vulnerability. Sanitization is a standard procedure for screening input data to ensure that only anticipated input kinds are accepted and dangerous inputs are rejected and blocked.

According to Wordfence’s tracker, Better Search Replace isn’t directly susceptible. Still, if another plugin or theme on the same website uses the Property Oriented Programming (POP) chain, it could be possible to use this issue to execute code, acquire sensitive data, or damage files.

A proper POP chain that the injected object can activate to carry out malicious operations is frequently necessary to exploit PHP object injection vulnerabilities.

Since WordPress security company Wordfence states that it has stopped over 2,500 attempts targeting CVE-2023-6933 on its clients in the last 24 hours, hackers have taken advantage of the vulnerability.

Strategies to Respond

Better Search Replace versions 1.4.4 and earlier are affected by the bug. Upgrading to 1.4.5 is an excellent idea for users as soon as possible. So, it is recommended that Better Search Replace plugin users update to the most recent version immediately to secure their websites against unauthorized activities.

Certera’s WordPress Support Services can help with each aspect of running a website, including managing user accounts, adding custom features, and configuring themes, plugins, and core files. Especially, our qualified experts can offer top-notch assistance with whatever task you require, including website setup, custom plugin development, malware protection, and performance optimization.

Janki Mehta

Janki Mehta

Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.