CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

CVE-2023-6933 Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

CVE-2023-6933

CVE-2023-6933 affects the WordPress plugin Better Search Replace (

CVE-2023-6933

creationtimestamp| type| source ---|---|--- 2024-01-26 11:34:31+00:00| exploited| https://t.me/xakepru/15297 2024-02-15 02:16:19+00:00| seen| https://t.me/ctinow/185182 2024-02-18 09:11:50+00:00| seen| https://t.me/ctinow/187179 2025-09-24 15:12:43+00:00| confirmed|...

WordPress Better Search Replace Plugin <= 1.4.4 is vulnerable to PHP Object Injection

Software Better Search Replace Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-6933 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 3ac241f51ac9 Credits Sam Pizzey mopman Required privilege...

VulnCheck KEV: CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...