CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2021-4434 – Social Warfare <= 3.5.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-4434
The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server. El complemento Social Warfare para WordPress es vulnerable a la ejecución remota de código en versiones hasta la 3.5.2 inclusive a través del parámetro 'swp_url'. Esto permite a los atacantes ejecutar código en el servidor. • https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 96%CPEs: 2EXPL: 11CVE-2019-9978 – WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2019-9978
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. El plugin social-warfare, en versiones anteriores a la 3.5.3 para WordPress, tiene Cross-Site Scripting (XSS) persistente mediante el parámetro swp_url en wp-admin/admin-post.php?swp_debug=load_options, tal y como se explotó "in the wild" en marzo de 2019. • https://www.exploit-db.com/exploits/46794 https://github.com/hash3liZer/CVE-2019-9978 https://github.com/KTN1990/CVE-2019-9978 https://github.com/mpgn/CVE-2019-9978 https://github.com/grimlockx/CVE-2019-9978 https://github.com/h8handles/CVE-2019-9978-Python3 http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html https://blog.sucuri.net/2019/03&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •