CVE-2023-6933

HIGH EXPLOITED NUCLEI LAB

Wpengine Better Search Replace < 1.4.5 - Insecure Deserialization

Title source: rule
STIX 2.1

Description

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Exploits (2)

nomisec WORKING POC
by Trex96 · remote
https://github.com/Trex96/vulnerable-bsr-lab-CVE-2023-6933
nomisec WRITEUP
by w2xim3 · remote
https://github.com/w2xim3/CVE-2023-6933

Nuclei Templates (1)

Better Search Replace < 1.4.5 - PHP Object Injection
CRITICALVERIFIEDby pussycat0x
FOFA: body="/wp-content/plugins/better-search-replace/"

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.9303
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull trex999/vulnerable-bsr-lab:latest

Details

VulnCheck KEV 2024-01-25
CWE
CWE-502
Status published
Products (2)
wpengine/Better Search Replace < 1.4.4
wpengine/better_search_replace < 1.4.5
Published Feb 05, 2024
Tracked Since Feb 18, 2026