The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-05T21:21:53.045Z

Updated: 2024-08-22T16:01:42.781Z

Reserved: 2023-12-18T20:18:42.885Z

Link: CVE-2023-6933

cve-icon Vulnrichment

Updated: 2024-08-02T08:42:08.689Z

cve-icon NVD

Status : Modified

Published: 2024-02-05T22:15:57.407

Modified: 2024-11-21T08:44:51.933

Link: CVE-2023-6933

cve-icon Redhat

No data.