"Hackers Target WordPress Database Plugin Active on 1 million Sites"

Security researchers at Wordfence have observed, over the past 24 hours, malicious activity targeting a critical-severity flaw in the "Better Search Replace" WordPress plugin. Better Search Replace has more than one million installations and helps with search-and-replace operations in databases when moving websites to new domains or servers.

The plugin's vendor, WP Engine, released version 1.4.5 last week to address a critical-severity PHP object injection vulnerability tracked as CVE-2023-6933. According to the researchers, the issue stems from deserializing untrusted input and allows unauthenticated attackers to inject a PHP object. Successful exploitation could lead to code execution, access to sensitive data, file manipulation or deletion, or an infinite-loop denial-of-service condition.

The researchers noted that Better Search Replace is not directly exploitable on its own: code execution, retrieval of sensitive data, or file deletion becomes possible only if another plugin or theme on the same site supplies a Property Oriented Programming (POP) chain, that is, classes whose magic methods do something dangerous when an injected object is deserialized or destroyed.

Attackers have already seized the opportunity: Wordfence has blocked over 2,500 attacks targeting CVE-2023-6933 against its clients in the past 24 hours. The flaw affects all Better Search Replace versions up to 1.4.4, and users are strongly recommended to upgrade to 1.4.5 as soon as possible.
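To show why "deserializing untrusted input" matters even when the vulnerable plugin itself contains nothing dangerous, here is an added illustration (hypothetical code, not Better Search Replace's or WP Engine's) of the unsafe pattern beside a hardened form; the `DemoGadget` class, the `import_settings_*` function names and the sample input are all constructed for this example.

```php
<?php
// Constructed illustration, not the plugin's code: a hypothetical settings
// import handler that deserializes user-supplied data, in an unsafe and a
// hardened version.

// A harmless stand-in for a class that some other plugin or theme might define.
// PHP invokes magic methods such as __wakeup() and __destruct() automatically
// during unserialize() and object teardown; a POP chain is a set of such
// classes whose magic methods, chained together, do something harmful.
class DemoGadget {
    public $note = 'constructed sample';
    public function __wakeup() {
        // In a real gadget this might write a file or run a command.
        error_log("DemoGadget::__wakeup executed with note='{$this->note}'");
    }
}

// Vulnerable pattern: unserialize() on untrusted input instantiates whatever
// class name the payload carries, so every loaded class with magic methods is
// reachable by an unauthenticated caller.
function import_settings_unsafe(string $untrusted) {
    return unserialize($untrusted);
}

// Hardened pattern: with allowed_classes => false no object is instantiated;
// any object in the payload becomes __PHP_Incomplete_Class and no magic
// method runs. Prefer a data-only format such as JSON for untrusted input.
function import_settings_safe(string $untrusted) {
    $value = unserialize($untrusted, ['allowed_classes' => false]);
    if ($value === false && $untrusted !== serialize(false)) {
        return null; // malformed input: reject instead of guessing
    }
    return $value;
}

// Returns true when a decoded value cannot have triggered gadget code, i.e.
// it is scalar/array data or an inert __PHP_Incomplete_Class.
function decoded_value_is_inert($value): bool {
    return !is_object($value) || $value instanceof __PHP_Incomplete_Class;
}

// Constructed sample: a serialized DemoGadget, the shape any object payload
// takes. serialize() itself does not call __wakeup(); unserialize() does.
$sample = serialize(new DemoGadget());

$unsafe = import_settings_unsafe($sample); // __wakeup() fires: class code ran
$safe   = import_settings_safe($sample);   // nothing executed

var_dump(decoded_value_is_inert($unsafe)); // a live DemoGadget: not inert
var_dump(decoded_value_is_inert($safe));   // __PHP_Incomplete_Class: inert
```

The `allowed_classes` option requires PHP 7.0 or later; on older interpreters the only safe course is to avoid `unserialize()` on request data entirely.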


BleepingComputer reports: "Hackers Target WordPress Database Plugin Active on 1 million Sites"

Submitted by Adam Ekwall on