CVE-2019-9978 – WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability

https://notcve.org/view.php?id=CVE-2019-9978

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. El plugin social-warfare, en versiones anteriores a la 3.5.3 para WordPress, tiene Cross-Site Scripting (XSS) persistente mediante el parámetro swp_url en wp-admin/admin-post.php?swp_debug=load_options, tal y como se explotó "in the wild" en marzo de 2019. • https://www.exploit-db.com/exploits/46794 https://github.com/hash3liZer/CVE-2019-9978 https://github.com/KTN1990/CVE-2019-9978 https://github.com/mpgn/CVE-2019-9978 https://github.com/grimlockx/CVE-2019-9978 https://github.com/h8handles/CVE-2019-9978-Python3 http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html https://blog.sucuri.net/2019/03&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •