ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Social Warfare plugin <= 3.5.2 - Unauthenticated Remote Code Execution (RCE) vulnerability

Product
Social Warfare
Description
Unauthenticated Remote Code Execution (RCE) vulnerability found by Luka Sikic in WordPress Social Warfare plugin (versions <= 3.5.2).
Solution
Update the WordPress Social Warfare plugin to the latest available version (at least 3.5.3).
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 3.5.2
Fixed In 3.5.3
Disclosure date
2019-04-24
Credits
Luka Sikic
Submitter
ThreatPress