Over a Million Sites at Risk: Hackers are Exploiting CVE-2023-6933 Flaw in WordPress Plugin

A critical vulnerability was identified in the widely used Better Search Replace plugin, a staple tool for over a million active websites. This plugin, cherished for its ability to streamline the daunting task of search and replace operations across WordPress databases during site or server migrations, has been found to contain a flaw that exposes users to a host of potential cyber threats.

Dubbed CVE-2023-6933, this security flaw has been classified with a critical severity rating of 9.8 out of 10. The vulnerability originates from the plugin’s handling of PHP Object Injection via the deserialization of untrusted input, affecting versions up to and including 1.4.4. This oversight paves the way for unauthenticated attackers to manipulate PHP objects, setting the stage for potentially devastating consequences.

According to the cybersecurity firm Wordfence, the exploitation of this vulnerability could enable attackers to perform a range of malicious activities. While the Better Search Replace plugin itself does not contain a Property-Oriented Programming (POP) chain, the presence of such a chain in another installed plugin or theme could amplify the threat, leading to arbitrary file deletions, unauthorized access to sensitive data, and arbitrary code execution.
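To make the mechanism concrete, here is an added example (not code from the Better Search Replace plugin or from Wordfence) of why deserializing untrusted input is dangerous even when the vulnerable plugin itself has no gadget: a hypothetical `AuditLogger` class stands in for a magic-method "gadget" that some other installed plugin or theme might define, and the hardened variants show the mitigations a developer can apply. The `allowed_classes` and JSON approaches are general PHP hardening, not a description of how version 1.4.5 was fixed.

```php
<?php
// Added example, not code from the Better Search Replace plugin.
// Hypothetical class standing in for a "gadget" that another plugin or
// theme might define: a magic method with side effects at unserialize time.
class AuditLogger {
    public $message = '';
    public function __wakeup() {
        // Runs the moment unserialize() rebuilds this object, before any
        // application code has had a chance to inspect or validate it.
        echo "[gadget fired] {$this->message}\n";
    }
}

// Constructed input: a serialized string naming a class the receiving code
// never intended to instantiate.
$untrusted = 'O:11:"AuditLogger":1:{s:7:"message";s:15:"untrusted input";}';

// VULNERABLE: plain unserialize() instantiates whatever class the input names,
// so any gadget class loaded anywhere in the WordPress install is reachable.
function restore_vulnerable(string $data) {
    return unserialize($data);   // AuditLogger::__wakeup() executes here
}

// HARDENED: forbid object instantiation. Objects in the input come back as
// __PHP_Incomplete_Class placeholders and no magic methods execute.
function restore_hardened(string $data) {
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== 'b:0;') {
        throw new InvalidArgumentException('malformed serialized data');
    }
    return $value;
}

// Safer still for new code paths: do not accept PHP serialization at all.
function restore_json(string $data): array {
    return json_decode($data, true, 512, JSON_THROW_ON_ERROR);
}

restore_vulnerable($untrusted);                    // prints "[gadget fired] untrusted input"
$obj = restore_hardened($untrusted);               // silent: nothing executes
var_dump($obj instanceof __PHP_Incomplete_Class);  // bool(true)
var_dump(serialize($obj) === $untrusted);          // bool(true): data round-trips intact
```

The round-trip check at the end matters for a search-and-replace tool: with `allowed_classes` disabled, serialized values in the database can still be read, edited and written back without ever instantiating the classes they name.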

In light of this discovery, WP Engine acted swiftly to mitigate the risk, releasing an updated version of the plugin, 1.4.5, to address the vulnerability. This prompt response underscores the critical importance of maintaining up-to-date software to safeguard against emerging threats.

The exploitation of this vulnerability highlights the sophisticated tactics employed by cybercriminals, capable of leveraging even the smallest oversight to infiltrate and compromise digital systems. With Wordfence reporting over two thousand attacks targeting CVE-2023-6933 in just 24 hours, the threat is not hypothetical but a stark reality.

Site owners, administrators, and developers are urged to update their installations of Better Search Replace to the latest version without delay. This update is not just recommended; it is imperative for the security of their websites.