CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-6933 – Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. El complemento Better Search Replace para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 1.4.4 incluida, a través de la deserialización de entradas que no son de confianza. • https://github.com/w2xim3/CVE-2023-6933 https://plugins.trac.wordpress.org/browser/better-search-replace/trunk/includes/class-bsr-db.php#L334 https://plugins.trac.wordpress.org/changeset/3023674/better-search-replace/trunk/includes/class-bsr-db.php https://www.wordfence.com/threat-intel/vulnerabilities/id/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2593 – Better Search and Replace < 1.4.1 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2022-2593
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks El plugin Better Search Replace de WordPress versiones anteriores a 1.4.1, no sanea y escapa apropiadamente los datos de la tabla antes de insertarlos en una consulta SQL, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de inyección SQL. The plugin Better Search Replace for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to lack of sanitization of user input in the construction of a database query. This makes it possible for authenticated attackers with administrator-level accounts to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wpscan.com/vulnerability/229a065e-1062-44d4-818d-29aa3b6b6d41 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •