Security News > 2024 > January > Hackers target WordPress database plugin active on 1 million sites
Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.
Admins can use it to search and replace specific text in the database or handle serialized data, and it provides selective replacement options, support for WordPress Multisite, and also includes a "Dry run" option to make sure that everything works fine.
The description of the flaw in Wordfence's tracker states that Better Search Replace isn't directly vulnerable but can be exploited to execute code, retrieve sensitive data, or delete files if another plugin or theme on the same site contains the Property Oriented Programming chain.
Hackers have seized the opportunity to exploit the vulnerability as WordPress security firm Wordfence reports that it has blocked over 2,500 attacks targeting CVE-2023-6933 on its clients over the past 24 hours.
Over 150k WordPress sites at takeover risk via vulnerable plugin.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6933 | Deserialization of Untrusted Data vulnerability in Wpengine Better Search Replace The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. | 9.8 |