A vulnerability was found in the Better Search Replace plugin up to 1.4.4 for WordPress. It has been classified as critical. The affected function is unknown. Manipulation with an unknown input leads to a code injection vulnerability. The issue is classified as CWE-94: the product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This impacts confidentiality, integrity, and availability.
The weakness was shared on 01/24/2024. The advisory can be read at wordfence.com. This vulnerability has been tracked as CVE-2023-6933 since 12/18/2023. The technical details are unknown and an exploit is not publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimate calculated on 01/24/2024). According to MITRE ATT&CK, the attack technique used by this issue is T1059.