Article Details
Scrape Timestamp (UTC): 2024-01-25 14:17:54.331
Original Article Text
Hackers target WordPress database plugin active on 1 million sites

Malicious activity targeting a critical severity flaw in the ‘Better Search Replace’ WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.

Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers. Admins can use it to search and replace specific text in the database or handle serialized data, and it provides selective replacement options, support for WordPress Multisite, and also includes a “dry run” option to make sure that everything works fine.

The plugin vendor, WP Engine, released version 1.4.5 last week to address a critical-severity PHP object injection vulnerability tracked as CVE-2023-6933. The security issue stems from deserializing untrusted input and allows unauthenticated attackers to inject a PHP object. Successful exploitation could lead to code execution, access to sensitive data, file manipulation or deletion, and triggering an infinite loop denial of service condition.

The description of the flaw in Wordfence’s tracker states that Better Search Replace isn’t directly vulnerable but can be exploited to execute code, retrieve sensitive data, or delete files if another plugin or theme on the same site contains the Property Oriented Programming (POP) chain. The exploitability of PHP object injection vulnerabilities often relies on the presence of a suitable POP chain that can be triggered by the injected object to perform malicious actions.

Hackers have seized the opportunity to exploit the vulnerability as WordPress security firm Wordfence reports that it has blocked over 2,500 attacks targeting CVE-2023-6933 on its clients over the past 24 hours.

The flaw impacts all Better Search Replace versions up to 1.4.4. Users are strongly recommended to upgrade to 1.4.5 as soon as possible.
Download stats on WordPress.org recorded close to a half million downloads over the past week, with 81% of active installations on the 1.4 branch, though the stats do not distinguish which minor release (and therefore whether 1.4.5 has been applied).
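The deserialization pattern described above, shown as an added illustration that is not code from Better Search Replace or WP Engine: the AuditLogger class stands in for a magic-method gadget that a POP chain would reach, the function names and the serialized sample are constructed, and PHP 8 syntax is assumed.

```php
<?php
// A class with a magic method. In a real site such a class would live in some
// other plugin or theme; it is the "POP chain" the article says the injection
// needs before it becomes dangerous. Hypothetical name, constructed for this example.
class AuditLogger
{
    public string $file = '/tmp/app.log';

    // __wakeup() runs automatically whenever an object of this class is
    // unserialized, whether or not the application intended to create one.
    public function __wakeup(): void
    {
        echo "AuditLogger::__wakeup() ran with file={$this->file}\n";
    }
}

// Constructed sample of attacker-controlled input: a serialized AuditLogger
// object supplied where the application expected a plain array of settings.
$untrusted = 'O:11:"AuditLogger":1:{s:4:"file";s:18:"/tmp/overwrite.log";}';

// Vulnerable pattern: unserialize() with no class restriction instantiates
// whatever class the input names and fires its magic methods.
function loadSettingsVulnerable(string $raw): mixed
{
    return unserialize($raw);
}

// Hardened pattern 1: forbid object instantiation. Any object in the input
// becomes a __PHP_Incomplete_Class placeholder and no magic method runs;
// the caller then rejects anything that is not the expected array shape.
function loadSettingsHardened(string $raw): ?array
{
    $value = unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Hardened pattern 2 (preferred for new code): do not accept PHP's native
// serialization format from untrusted sources at all; JSON cannot encode objects.
function loadSettingsJson(string $raw): ?array
{
    $value = json_decode($raw, true, 16);
    return is_array($value) ? $value : null;
}

var_dump(loadSettingsVulnerable($untrusted) instanceof AuditLogger); // bool(true), __wakeup ran
var_dump(loadSettingsHardened($untrusted));                          // NULL, nothing instantiated
var_dump(loadSettingsJson('{"search":"old.example","replace":"new.example"}'));
```

Blocking the object at the deserialization boundary is what makes the presence or absence of a gadget class elsewhere on the site irrelevant, which is the defender's answer to the "not directly vulnerable but exploitable with a POP chain" situation the article describes.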
Daily Brief Summary
Hackers are exploiting a critical severity flaw in the 'Better Search Replace' WordPress plugin, actively installed on over one million sites.
The vulnerability, tracked as CVE-2023-6933, could allow unauthenticated attackers to inject a PHP object due to deserialization of untrusted input.
The vendor, WP Engine, has released an update, version 1.4.5, to address this security issue, which can lead to code execution, data access, and potential denial of service.
While 'Better Search Replace' itself isn't directly vulnerable, the flaw can be exploited in conjunction with other plugins or themes that contain a suitable Property Oriented Programming (POP) chain.
Wordfence, a WordPress security firm, has reported blocking over 2,500 attacks exploiting this vulnerability in just 24 hours.
Although there have been close to half a million downloads of the plugin in the past week, the update adoption rate among users remains unclear.
Users are urged to upgrade to the patched version 1.4.5 immediately to prevent potential security breaches and exploitation.