19 matches found
Better Search Replace < 1.4.5 - PHP Object Injection
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
CVE-2022-2593
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
WordPress Better Search Replace Plugin < 1.4.5 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...
CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
Deserialization of untrusted data
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
CVE-2023-6933
CVE-2023-6933 affects the WordPress plugin Better Search Replace (
WordPress plugin Better Search Replace security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace
PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...
WordPress Better Search Replace Plugin <= 1.4.4 is vulnerable to PHP Object Injection
Software Better Search Replace Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-6933 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 3ac241f51ac9 Credits Sam Pizzey mopman Required privilege...
PT-2024-15128
Name of the Vulnerable Software and Affected Versions Better Search Replace plugin for WordPress versions up to, and including, 1.4.4 Description The issue is related to PHP Object Injection via deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP Object. If a PO...
VulnCheck KEV: CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...
WordPress Better Search Replace Plugin < 1.4.1 SQLi Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...
CVE-2022-2593
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
CVE-2022-2593
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
CVE-2022-2593
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
Sql injection
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
CVE-2022-2593 Better Search and Replace < 1.4.1 - Admin+ SQLi
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...
CVE-2022-2593
Summary: CVE-2022-2593 affects the WordPress plugin Better Search Replace, prior to version 1.4.1. The vulnerability arises from improper sanitization and escaping of table data before insertion into SQL queries, potentially enabling high-privilege users to perform SQL injection. The issue is doc...
WordPress plugin Better Search Replace SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...