CVE-2023-6933

CRITICAL EXPLOITED NUCLEI

Wpengine Better Search Replace < 1.4.5 - Insecure Deserialization

Title source: rule

Description

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Exploits (2)

nomisec WRITEUP

by w2xim3 · remote

https://github.com/w2xim3/CVE-2023-6933

View Code ZIP pw:eip

nomisec WORKING POC

by Trex96 · remote

https://github.com/Trex96/vulnerable-bsr-lab-CVE-2023-6933

View Code ZIP pw:eip

Nuclei Templates (1)

Better Search Replace < 1.4.5 - PHP Object Injection

CRITICALVERIFIEDby pussycat0x

FOFA: body="/wp-content/plugins/better-search-replace/"

References (3)

[Exploit] https://plugins.trac.wordpress.org/browser/better-search-replace/trunk/includes/class-bsr-db.php#L334

[Patch] https://plugins.trac.wordpress.org/changeset/3023674/better-search-replace/trunk/includes/class-bsr-db.php

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve

Scores

CVSS v3 9.8

EPSS 0.9300

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2024-01-25

Classification

CWE

CWE-502

Status published

Affected Products (1)

wpengine/better_search_replace < 1.4.5

Timeline

Published Feb 05, 2024

Tracked Since Feb 18, 2026