Home / News / Vulnerable WordPress plugin “Social Warfare” has been removed from repository.

Vulnerable WordPress plugin “Social Warfare” has been removed from repository.

The popular WordPress plugin Social Warfare has been removed from the official repository. This is a Social_Warfare plugin that contains a vulnerability used by cybercriminals in real attacks.

Social Warfare allows WordPress site owners to add social network buttons to their resources, designed to share content from other sites.

Social Warfare is installed on 70,000 sites, and downloaded more than 805,000 times. According to the Wordfence team, the latest version of the plugin (3.5.2) contains a cross-site scripting vulnerability (XSS). Worse, researchers have noticed real attacks on sites where attackers exploit this flaw.

“Vulnerability allows attackers to inject malicious JavaScript code into links intended for sharing the material,” said Mikey Vinstra from Wordfence.

The attacks began after an unknown expert published a complete analysis of the gaps. That is why the plugin has been removed from the official repository.

On the Social_Warfare page, the WordPress team noted:

“The plugin was withdrawn on March 21, 2019. It is no longer available for download.”

The Social_Warfare team wrote on Twitter that developers are aware of the vulnerability, and is currently working on a patch that will be available to users soon:

Zero-Day Vulnerability Details

The plugin features functionality that allows users to clone its settings from another site. However, this functionality was not restricted to administrators or even logged-in users. An attacker is able to input a URL pointing to a crafted configuration document, which overwrites the plugin’s settings on the victim’s site.
Vulnerability Details

With the ability to modify the social media plugin’s settings, an attacker can pivot and perform more malicious activity. In all cases we’ve tracked so far, attackers modify the twitter_id value, as it most directly leads to a front-facing XSS injection point.

[Total: 0    Average: 0/5]
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Tortoiseshell attacks Saudi IT companies

Tortoiseshell cybercrime attacks Saudi IT companies

Over the past 14 months, the Tortoiseshell cybercriminal group has attacked at least 11 IT …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.