CVE-2023-6933

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 5, 2024

Updated: Feb 14, 2024

CWE ID 502

Summary

CVE-2023-6933 is a vulnerability affecting the Better Search Replace plugin for WordPress. This issue allows unauthenticated attackers to inject PHP Objects due to deserialization of untrusted input in all versions up to 1.4.4. No Pop chain exists within the plugin itself, but if one is present via an additional plugin or theme, the attacker could potentially delete files, retrieve sensitive data, or execute arbitrary code.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WP Engine

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t2UN46
https://www.cve.org/CVERecord?id=CVE-2023-6933
https://nvd.nist.gov/vuln/detail/CVE-2023-6933

Back to Vulnerability Database

CVE-2023-6933

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations