Lucene search
K
WarfarepluginsSocial Warfare

5 matches found

CVE
CVE
added 2019/03/24 2:47 p.m.1274 views

CVE-2019-9978

CVE-2019-9978 affects WordPress Social Warfare plugin (and Social Warfare Pro). Public records show Remote Code Execution via the settings import flow, exploiting wp-admin/admin-post.php?swp_debug=load_options&swp_url=… to perform RFI-to-RCE. Exploits target versions up to 3.5.2, with references ...

6.1CVSS6AI score0.73543EPSS
In wildWeb
CVE
CVE
added 2023/11/07 11:31 a.m.86 views

CVE-2023-4842

CVE-2023-4842 refers to a stored XSS in the WordPress plugin Social Warfare (Social Sharing Plugin). The issue stems from insufficient input sanitization and output escaping in the social_warfare shortcode attributes, allowing authenticated attackers with contributor+ permissions to inject arbitr...

6.4CVSS5.3AI score0.00566EPSS
CVE
CVE
added 2024/01/17 8:31 a.m.66 views

CVE-2021-4434

CVE-2021-4434 affects the WordPress Social Warfare plugin (versions up to 3.5.2). The vulnerability is a Remote Code Execution via the swp_url parameter, allowing an attacker to execute code on the server. Root cause: improper handling of the swp_url input. Impact: high (remote code execution). A...

10CVSS9.7AI score0.01923EPSS
CVE
CVE
added 2023/01/19 2:7 p.m.61 views

CVE-2023-0402

The CVE-2023-0402 entry concerns the Social Warfare plugin for WordPress (versions up to and including 4.3.0). Root cause: missing capability checks on several AJAX actions leading to an authorization bypass; affected actors with subscriber-level permissions can delete post meta and reset network...

5.4CVSS5.1AI score0.00765EPSS
CVE
CVE
added 2023/01/19 2:7 p.m.55 views

CVE-2023-0403

Vulnerability summary (CVE-2023-0403) : The WordPress Social Warfare plugin (versions up to and including 4.4.0) suffers a Cross-Site Request Forgery due to missing/incorrect nonce validation on several AJAX actions. This allows unauthenticated attackers to perform unauthorized actions, notably d...

5.4CVSS6AI score0.00374EPSS
Web