Hackers Are Targeting WordPress Database Plugin That Is Active On 1 Million Websites

Techno, Intuisi Blog – Hackers are actively exploiting a critical vulnerability in the Better Search Replace WordPress plugin, and researchers have observed numerous attempts over the last 24 days.

Better Search Replace is a WordPress plugin with more than one million installations. It helps with search-and-replace operations inside the database, for example when migrating a site to a new domain or server.

Administrators can use it to find and substitute specific strings in the database, or to handle serialized data. It offers selective replacement options, support for WordPress Multisite, and a “dry run” option to check that everything works as expected before changes are written.

The plugin's vendor, WP Engine, released version 1.4.5 this week to fix a critical-severity PHP object injection vulnerability tracked as CVE-2023-6933.

The flaw stems from the deserialization of untrusted input, which allows unauthenticated attackers to inject a PHP object. A successful attack could lead to code execution, access to sensitive data, file manipulation or deletion, or an infinite loop that causes a denial of service.

Wordfence Plugin For WordPress

The vulnerability description in Wordfence’s tracker states that Better Search Replace itself does not appear to contain an exploitable chain, but the flaw could be used to run code, access sensitive data or delete files if a theme or plugin installed on the same website provides a Property Oriented Programming (POP) chain.

Exploitation of PHP object injection vulnerabilities usually depends on a suitable POP chain, which the injected object triggers in order to carry out malicious actions.
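The two paragraphs above describe the generic mechanism: untrusted data reaches `unserialize()`, and any class already loaded in the process (from a theme or another plugin) can then be instantiated so that its magic methods run. The following PHP snippet is an added illustration, not code from the Better Search Replace plugin or from WP Engine; `DemoGadget`, the `search`/`replace` keys and the two function names are constructed for the example. It places the vulnerable pattern beside a hardened form that refuses to instantiate classes and then validates the decoded shape.

```php
<?php
// Added illustrative example; this is NOT the Better Search Replace plugin's code.
// DemoGadget, the settings keys and the function names are constructed here.

declare(strict_types=1);

// Stand-in for any class that happens to be loaded in the same PHP process
// (a theme, another plugin). Its only side effect is a printed line, but a
// magic method like this is exactly what a real POP chain would link together.
class DemoGadget
{
    public string $note = 'loaded';

    public function __destruct()
    {
        echo "DemoGadget::__destruct() ran\n";
    }
}

// VULNERABLE sink: untrusted input is deserialized as-is. Any known class can be
// instantiated, so its __wakeup()/__destruct() run even though this code never
// calls them explicitly.
function vulnerable_load_settings(string $untrusted): array
{
    $data = unserialize($untrusted);
    return is_array($data) ? $data : [];
}

// HARDENED form: no class may be instantiated, and the decoded value is reduced
// to the exact shape the caller expects before anything uses it.
function safe_load_settings(string $untrusted): array
{
    // allowed_classes => false (PHP 7.0+) turns every serialized object into a
    // __PHP_Incomplete_Class shell, so no real class's magic methods can fire.
    $data = @unserialize($untrusted, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    $settings = [];
    foreach (['search', 'replace'] as $key) {
        // Keep only plain strings; objects (incomplete or not) and arrays are dropped.
        $settings[$key] = isset($data[$key]) && is_string($data[$key]) ? $data[$key] : '';
    }
    return $settings;
}

// Constructed demo inputs. The second one is written out as a serialized string
// so that no DemoGadget instance exists before the vulnerable call is made.
$legit  = serialize(['search' => 'http://old.example', 'replace' => 'https://new.example']);
$object = 'a:2:{s:6:"search";O:10:"DemoGadget":1:{s:4:"note";s:6:"loaded";}s:7:"replace";s:1:"x";}';

var_dump(safe_load_settings($legit));        // both keys present as strings
var_dump(safe_load_settings($object));       // 'search' becomes '', destructor never runs
var_dump(vulnerable_load_settings($object)); // DemoGadget is instantiated; its destructor prints
```

Run it with `php example.php`: only the last call prints `DemoGadget::__destruct() ran`, because only the vulnerable path lets the serialized object become a live instance. In WordPress code the same handler should also be reachable only from an authorized request (a capability check such as `current_user_can()` and a nonce check via `check_admin_referer()`), which removes the “unauthenticated” part of the exposure described above; the `allowed_classes` restriction and shape validation remove the object injection itself.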

Hackers have wasted no time exploiting this vulnerability: WordPress security company Wordfence says it has blocked more than 2,500 attacks targeting CVE-2023-6933 against its clients in the last 24 hours.

The flaw affects all Better Search Replace versions up to and including 1.4.4. Users are strongly advised to update to 1.4.5 as soon as possible.

Download statistics at WordPress.org show close to 50 million downloads over the last week, with 81% of all currently active installations running version 1.4; there is, however, no breakdown by minor version.
