5 matches found
CVE-2019-9978
CVE-2019-9978 affects WordPress Social Warfare plugin (and Social Warfare Pro). Public records show Remote Code Execution via the settings import flow, exploiting wp-admin/admin-post.php?swp_debug=load_options&swp_url=… to perform RFI-to-RCE. Exploits target versions up to 3.5.2, with references ...
CVE-2023-4842
CVE-2023-4842 refers to a stored XSS in the WordPress plugin Social Warfare (Social Sharing Plugin). The issue stems from insufficient input sanitization and output escaping in the social_warfare shortcode attributes, allowing authenticated attackers with contributor+ permissions to inject arbitr...
CVE-2021-4434
CVE-2021-4434 affects the WordPress Social Warfare plugin (versions up to 3.5.2). The vulnerability is a Remote Code Execution via the swp_url parameter, allowing an attacker to execute code on the server. Root cause: improper handling of the swp_url input. Impact: high (remote code execution). A...
CVE-2023-0402
The CVE-2023-0402 entry concerns the Social Warfare plugin for WordPress (versions up to and including 4.3.0). Root cause: missing capability checks on several AJAX actions leading to an authorization bypass; affected actors with subscriber-level permissions can delete post meta and reset network...
CVE-2023-0403
Vulnerability summary (CVE-2023-0403) : The WordPress Social Warfare plugin (versions up to and including 4.4.0) suffers a Cross-Site Request Forgery due to missing/incorrect nonce validation on several AJAX actions. This allows unauthenticated attackers to perform unauthorized actions, notably d...