WordPress Social Warfare plugin vulnerabilities abused in the wild

News by Doug Olenick

CMSs open to exploits in the wild

About 42,000 websites have not updated to the latest version of the Social Warfare WordPress plugin, leaving themselves open to a pair of vulnerabilities that are being exploited in the wild.

Palo Alto’s Unit 42 research team is reporting that the two problems, both rated medium-level threats and tracked under CVE-2019-9978, were patched through a release posted on March 21. But any site that has not updated could be hit with a remote code execution or cross-site scripting attack. Versions 3.5.3 and earlier of Social Warfare, which adds social sharing buttons to websites, are at issue.

"An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the server without authentication. The attackers may use the compromised sites to perform digital coin mining or host malicious exploit code," Unit 42 wrote.

In tracking the threat, the researchers found five compromised sites that are actively being used for hosting malicious exploit code.

Social Warfare is the most recent WordPress plugin to find itself in the news. In the last couple of months, Yuzo Related Posts, Duplicate-Page and Easy WP SMTP were all called out for different issues.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike