B4ntGrim

CVE-2019-9978 NOMISEC MEDIUM WRITEUP

Social Warfare <3.5.3 - Stored XSS

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

CVSS 6.1

View Code

CVE-2019-9978 NOMISEC MEDIUM WRITEUP

Social Warfare <3.5.3 - Stored XSS

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

CVSS 6.1

View Code

CVE-2023-4842 NOMISEC MEDIUM WRITEUP

Social Warfare <4.4.3 - XSS

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS 6.4

View Code