WordPress Social Warfare plugin zero-day exploited in attacks

March 24, 2019  By Pierluigi Paganini


A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects.

The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin.

Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin was temporarily removed from the WordPress plugin store and was later added again after the zero-day flaw has been addressed.

This flaw could allow remote unauthenticated attackers to execute JavaScript code stored in the database of WordPress websites that use vulnerable versions of the Social Warfare plugin.

“Earlier today, an unnamed security researcher published a full disclosure of a stored Cross-Site Scripting (XSS) vulnerability present in the most recent version of popular WordPress plugin Social Warfare. The plugin, which was subsequently removed from the WordPress.org plugin repository, has an active install base of over 70,000 sites.” reads the analysis published by WordPress security firm Wordfence.

“The flaw allows attackers to inject malicious JavaScript code into the social share links present on a site’s posts. “

Mikey Veenstra, Wordfence threat analyst, added that visitors of compromised WordPress websites are redirected to a series of malicious sites (i.e. pornography, tech support scam website, etc,) and attackers tracked their activity via cookies.

The development team at Social Warfare confirmed that threat actors are actively exploiting the zero-day flaw in attacks in the wild.

Users that for some reason could not update the Social Warfare plugin have to disable it.

The plugin’s download history info shows that there were roughly 21K downloads recorded after the disclosure of the zero-day, this means that that are tens of thousands of websites still running vulnerable versions.

Social Warfare zero-day

In the same hours of the disclosure of the Social Warfare flaw, another
zero-day flaw was abused by two threat groups in attacks in the wild. This second zero-day resides in “Easy WP SMTP,” a WordPress plugin with over 300,000 active installs.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – WordPress plugin, Social Warfare)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Malware Static Analysis

 Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis he used to perform...