← back
CVE-2021-4434

Social Warfare <= 3.5.2 - Remote Code Execution

CVSS 10 CRITICALEPSS 1.9%CWE-94
The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
warfareplugins · Social Sharing Plugin – Social Warfare
public PoCs found1
cve_referencepacketstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.htmlhttps://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve