PT-2024-15128 · WordPress · Better Search Replace

Mopman +1 · Published 2024-01-25 · Updated 2025-09-24 · CVE-2023-6933

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Better Search Replace plugin for WordPress versions up to, and including, 1.4.4

Description
The issue is related to PHP Object Injection via deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Approximately 1 million sites are impacted. Over 2,500 attacks targeting this issue have been reported in the past 24 hours.

Recommendations
For versions up to, and including, 1.4.4, update to version 1.4.5 to resolve the issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.
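
The weakness class named in the description and the standard PHP mitigation for it, as an added example that is not the plugin's code or its 1.4.5 fix. `DemoGadget`, `containsObject` and `safeDecode` are hypothetical names and the input string is constructed; the plain `unserialize()` call lets the input pick a class and run its destructor, while the `allowed_classes => false` form instantiates nothing and rejects object payloads.

```php
<?php
// Constructed stand-in for a gadget class shipped by another plugin or theme.
final class DemoGadget
{
    public static $sideEffects = [];
    public $target = '';
    public function __destruct()
    {
        self::$sideEffects[] = $this->target; // a real gadget might delete or include this path
    }
}

// True if the decoded value holds an object at any depth.
function containsObject($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (containsObject($item)) {
            return true;
        }
    }
    return false;
}

// Hardened decode: no class is instantiated and object payloads are rejected.
function safeDecode(string $bytes)
{
    $value = @unserialize($bytes, ['allowed_classes' => false]);
    $malformed = ($value === false && $bytes !== 'b:0;');
    if ($malformed || containsObject($value)) {
        throw new UnexpectedValueException('malformed or object-bearing input rejected');
    }
    return $value;
}

// Constructed sample input, as it might arrive from an untrusted source.
$untrusted = 'O:10:"DemoGadget":1:{s:6:"target";s:8:"demo.txt";}';
$obj = unserialize($untrusted); // weak form: instantiates the class named in the input
unset($obj);                    // object freed: __destruct() runs on input-controlled data
var_dump(DemoGadget::$sideEffects);
DemoGadget::$sideEffects = [];
try {
    safeDecode($untrusted);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
var_dump(DemoGadget::$sideEffects);
```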

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2023-6933

Affected Products: Better Search Replace