Lucene search

K
WarfarepluginsSocial Warfare*

7 matches found

CVE
CVE
added 2019/03/24 3:29 p.m.1191 views

CVE-2019-9978

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

6.1CVSS6AI score0.87697EPSS
CVE
CVE
added 2024/06/25 4:15 a.m.69 views

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator us...

10CVSS9.6AI score0.03192EPSS
CVE
CVE
added 2023/11/07 12:15 p.m.66 views

CVE-2023-4842

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

6.4CVSS5.3AI score0.00148EPSS
CVE
CVE
added 2025/02/22 4:15 p.m.49 views

CVE-2025-26973

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4.

6.5CVSS6.5AI score0.00034EPSS
CVE
CVE
added 2024/01/17 9:15 a.m.48 views

CVE-2021-4434

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.

10CVSS9.7AI score0.07986EPSS
CVE
CVE
added 2023/01/19 3:15 p.m.44 views

CVE-2023-0402

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta infor...

5.4CVSS5.1AI score0.0004EPSS
CVE
CVE
added 2023/01/19 3:15 p.m.40 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset n...

5.4CVSS5.1AI score0.00055EPSS