Critical vulnerabilities in Social Warfare, a plugin for WordPress sites

Cyber forensics course specialists report an active campaign exploiting two critical vulnerabilities in Social Warfare, one of the most widely used social media plugins, to take control of WordPress websites running a non-updated version of the plugin.

Social Warfare is a plugin widely used by WordPress site administrators and has been downloaded almost a million times. Its main function is adding buttons to pages to share content on social media platforms.

The latest version of this plugin (3.5.3) was released at the end of March and contains fixes for a remote code execution vulnerability and a cross-site scripting flaw; both vulnerabilities are tracked under a single identifier (CVE-2019-9978), as reported by cyber forensics course specialists.

Reports claim that a hacker could exploit this pair of flaws to execute arbitrary PHP code and take control of a compromised website; the purpose of this activity would be to use these sites for cryptocurrency mining or for hosting malicious code.

Reports from the International Institute of Cyber Security (IICS) mention that, shortly after the release of the Social Warfare update, a proof-of-concept exploit for the cross-site scripting vulnerability was disclosed. Shortly thereafter, some hackers began attempting to exploit the vulnerability; it is worth noting that there is still no evidence of in-the-wild exploitation of the remote code execution vulnerability.

However, cyber forensics course specialists subsequently found some exploits aimed at these vulnerabilities; the remote code execution vulnerability allows attackers to control the compromised website, while the XSS vulnerability redirects users to an advertising website.

It is believed that around 35k WordPress sites use a non-updated version of the Social Warfare plugin, which exposes a considerably larger number of users. Experts believe that this exploitation campaign is still active, so they recommend that WordPress site admins update to the latest version of Social Warfare as soon as possible to mitigate the risk of exploitation.
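The advice above is to update, and the first step for an administrator who runs several WordPress installs is finding which of them still carry a pre-3.5.3 copy of the plugin. The following audit script is an added example written for this article; it is not code from the article, from IICS or from the plugin's authors. It assumes the plugin lives under the slug `social-warfare` in `wp-content/plugins/` with its metadata in the standard WordPress plugin header of `social-warfare.php` (the `Version:` line), and it treats 3.5.3, the fix release named in the article, as the threshold. The sample header embedded in the script is constructed for the demonstration.

```python
"""Audit a WordPress install for a Social Warfare version older than the
3.5.3 fix release (CVE-2019-9978).

Added example for this article; not code from the article, IICS or the
plugin's authors.  The plugin slug and file layout are assumptions based
on the standard WordPress plugin header convention."""
import re
from pathlib import Path
from typing import Optional, Tuple, Union

FIXED_VERSION = "3.5.3"  # first release carrying the fix, per the article
PLUGIN_SLUG = "social-warfare"  # assumed wordpress.org slug

# WordPress reads plugin metadata from a comment block at the top of the
# plugin's main file; the "Version:" line is the field we care about.
_VERSION_RE = re.compile(
    r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.MULTILINE
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.5.2' into (3, 5, 2) so versions compare numerically rather
    than lexically ('3.10.0' must sort after '3.5.3')."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def header_version(header_text: str) -> Optional[str]:
    """Extract the Version field from a plugin header, or None if absent."""
    match = _VERSION_RE.search(header_text)
    return match.group(1) if match else None


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fix release."""
    return parse_version(installed) < parse_version(fixed)


def audit_plugin_dir(plugins_dir: Union[str, Path],
                     slug: str = PLUGIN_SLUG) -> Optional[dict]:
    """Inspect <plugins_dir>/<slug>/<slug>.php and report its version.

    Returns None when the plugin is not installed, otherwise a dict with
    the file path, the parsed version (None if the header is unreadable)
    and whether that version is below the fix release."""
    main_file = Path(plugins_dir) / slug / f"{slug}.php"
    if not main_file.is_file():
        return None
    # The header sits at the top of the file; reading 8 KiB is plenty.
    text = main_file.read_text(errors="replace")[:8192]
    version = header_version(text)
    return {
        "file": str(main_file),
        "version": version,
        "vulnerable": version is not None and is_vulnerable(version),
    }


# Constructed sample header in the WordPress plugin-header format, used
# only to demonstrate the parser; it is not the plugin's real file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Social Warfare
 * Version: 3.5.2
 * Description: (constructed sample header)
 */
"""

if __name__ == "__main__":
    import sys
    # Usage: python audit.py /var/www/site/wp-content/plugins
    plugins_dir = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    report = audit_plugin_dir(plugins_dir)
    if report is None:
        print(f"{PLUGIN_SLUG}: not installed under {plugins_dir}")
    else:
        state = "UPDATE REQUIRED" if report["vulnerable"] else "ok"
        print(f"{report['file']}: version {report['version']} -> {state}")
```

Run it once per site root over `wp-content/plugins`; a result of `UPDATE REQUIRED` means the site still runs a release older than 3.5.3 and should be updated first. Numeric tuple comparison is deliberate: comparing version strings lexically would wrongly flag a hypothetical 3.10.0 as older than 3.5.3.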