CVE-2019-9978 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Social Warfare plugin for WordPress affects v. prior to 3.5.3.
Short Info
Level
Medium
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2019-9978 Scanner Detail
The Social Warfare plugin for WordPress is a popular social media sharing and optimization plugin used by website owners, bloggers, and digital marketers. It is designed to help increase website traffic by making it easy for visitors to share content on social media platforms such as Facebook, Twitter, Pinterest, and LinkedIn. With over 70,000 active installations, the Social Warfare plugin is one of the most widely used social sharing plugins in WordPress.
Recently, a critical vulnerability code was detected in the Social Warfare plugin, specifically CVE-2019-9978. This vulnerability allowed hackers to exploit the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, exposing the website to stored cross-site scripting (XSS) attacks. Hackers could inject malicious code into the website, and when users visited or interacted with the affected page, their sensitive data could be stolen or manipulated without their knowledge.
The potential consequences of this vulnerability being exploited are severe. Hackers could steal sensitive data such as login credentials, personal information, and financial details. They could even manipulate the website by inserting malicious code that could redirect visitors to phishing sites or malware-infected pages.
Finally, it's important to note that security is an ongoing process and not a one-time task. Regularly updating software, monitoring for vulnerabilities, and ensuring that website security systems are up to date is crucial to keeping your website safe from attacks. With the help of pro features offered by securityforeveryone.com platform, website owners can easily and quickly identify vulnerabilities in their digital assets, protecting their websites, and their visitors, from any potential threats. Don't wait until it's too late – start taking action today to ensure your website's security.
REFERENCES
- http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html
- https://blog.sucuri.net/2019/03/zero-day-stored-xss-in-social-warfare.html
- https://twitter.com/warfareplugins/status/1108852747099652099
- https://wordpress.org/plugins/social-warfare/#developers
- https://wpvulndb.com/vulnerabilities/9238
- https://www.cybersecurity-help.cz/vdb/SB2019032105
- https://www.exploit-db.com/exploits/46794/
- https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/
- https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/
control security posture