Warfareplugins

Social Warfare

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-26973

  • EPSS 0.08%
  • Veröffentlicht 22.02.2025 16:15:32
  • Zuletzt bearbeitet 22.02.2025 16:15:32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4.

10

CVE-2024-6297

  • EPSS 2.29%
  • Veröffentlicht 25.06.2024 04:15:17
  • Zuletzt bearbeitet 21.11.2024 09:49:23

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and i...

4.3

CVE-2024-34825

  • EPSS 0.12%
  • Veröffentlicht 14.05.2024 15:39:36
  • Zuletzt bearbeitet 21.11.2024 09:19:28

Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.This issue affects Social Warfare: from n/a through 4.4.5.1.

6.4

CVE-2024-1959

  • EPSS 0.19%
  • Veröffentlicht 02.05.2024 17:15:14
  • Zuletzt bearbeitet 21.11.2024 08:51:41

The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output es...

9.8

CVE-2021-4434

Exploit
  • EPSS 7.99%
  • Veröffentlicht 17.01.2024 09:15:25
  • Zuletzt bearbeitet 21.11.2024 06:37:43

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.

5.4

CVE-2023-4842

  • EPSS 0.15%
  • Veröffentlicht 07.11.2023 12:15:12
  • Zuletzt bearbeitet 21.11.2024 08:36:05

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user sup...

5.4

CVE-2023-0403

Exploit
  • EPSS 0.06%
  • Veröffentlicht 19.01.2023 15:15:14
  • Zuletzt bearbeitet 21.11.2024 07:37:07

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated atta...

5.4

CVE-2023-0402

Exploit
  • EPSS 0.03%
  • Veröffentlicht 19.01.2023 15:15:13
  • Zuletzt bearbeitet 21.11.2024 07:37:07

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level...

6.1

CVE-2019-9978

Warnung Exploit
  • EPSS 87.51%
  • Veröffentlicht 24.03.2019 15:29:00
  • Zuletzt bearbeitet 07.11.2025 19:33:51

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.