Top
image credit: Pixabay

Exploits for Social Warfare WordPress Plugin Reach Critical Mass

April 24, 2019

Category:

Active exploits for a recently disclosed bug in a popular WordPress plugin, Social Warfare, are snowballing in the wild – potentially putting more than 40,000 websites at risk.

The vulnerability, CVE-2019-9978, tracks both a stored cross-site scripting (XSS) vulnerability and a remote code-execution (RCE) bug. An attacker can use these vulnerabilities to run arbitrary PHP code and gain control the website and server, without authentication.

Read More on Threat Post