WordPress Social Warfare Vulnerability

Two vulnerabilities have been identified in the popular Social Warfare WordPress plugin. The first being a remote code execution bug and the other a cross site scripting vulnerability.

Threat ID:: CC-3036
Category:: Cryptocurrency
Threat Severity:: Low
Threat Vector:: Download, Drive by download, Email spam, Email
Published:: 24 April 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Two vulnerabilities have been identified in the popular Social Warfare WordPress plugin. The first being a remote code execution bug and the other a cross site scripting vulnerability.

Threat details

A remote unauthenticated attacker could exploit these vulnerabilities to gain control of an affected server. They could then use this to stage further malware infections, phishing campaigns or cryptocurrency operations

For further information

CVE-2019-9978

Remediation steps

Type	Step
	Warfare Plugins have released a patch to address this vulnerability. Users and administrators are encouraged to review the WordPress Social Sharing Plugin – Social Warfare download page and apply the necessary update.

Last edited: 14 February 2020 2:52 pm