
CVE-2021-4434

2024-01-17 09:15:25
Wordfence
web.nvd.nist.gov
Tags: cve-2021-4434, social warfare plugin, wordpress, remote code execution, vulnerability, nvd

CVSS3: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.02
Percentile: 89.1%

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the ‘swp_url’ parameter. This allows attackers to execute code on the server.

Affected configurations

Node: warfareplugins social_warfare, range <3.5.3, wordpress

Vendor: warfareplugins
Product: social_warfare
Version: *
CPE: cpe:2.3:a:warfareplugins:social_warfare:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "warfareplugins",
    "product": "Social Sharing Plugin – Social Warfare",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThan": "3.5.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
