
Flaws in Social Warfare plugin actively exploited in the wild


Social Warfare zero-day PoC

Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the popular WordPress plugin Social Warfare.

Social Warfare is a popular WordPress plugin with more than 900,000 downloads; it allows site owners to add social share buttons to a WordPress website.

Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the Social Warfare plugin to take control over WordPress websites using it.

At the end of March, experts found a Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) that is actively exploited to add malicious redirects.

Maintainers of Social Warfare for WordPress also addressed a remote code execution (RCE) vulnerability; both issues were tracked as CVE-2019-9978.

The issues in the WordPress plugin were fixed with the release of version 3.5.3 of the plugin. On the same day, an unnamed security researcher published technical details of the flaw and a proof-of-concept exploit for the stored Cross-Site Scripting (XSS) vulnerability.

Experts pointed out that attackers can exploit the vulnerabilities to take complete control over websites and servers and use them for malicious purposes, such as mining cryptocurrency or delivering malware.

The availability of the exploit code allowed attackers to attempt to exploit the vulnerability, but they were only able to inject JavaScript code that redirects users to malicious sites.

Experts at Palo Alto Networks discovered several exploits for both vulnerabilities in the wild, including an exploit for the RCE one.

“We also caught several samples exploiting these vulnerabilities in the wild,” reads a blog post published by Palo Alto Networks Unit 42 researchers. “Figure 5 shows a POST request from one of the samples.”

Social Warfare zero-day PoC

The root cause of both flaws is the misuse of the is_admin() function in WordPress.

“The root cause of each of these two vulnerabilities is the same: the misuse of the is_admin() function in WordPress,” the researchers say in a blog post. “Is_admin only checks if the requested page is part of admin interface and won’t prevent any unauthorized visit.”
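To make the root cause concrete, the following is an added illustrative example (not the Social Warfare plugin's own code, and not taken from the Unit 42 post). The function names prefixed `sw_example_` and the option name `sw_example_settings` are hypothetical. It shows a settings handler guarded only by `is_admin()`, which is true for any request aimed at an admin-area endpoint regardless of who sends it, beside a hardened handler that checks a real capability, verifies a nonce, sanitizes input, and escapes output:

```php
<?php
// Added illustrative example; hypothetical names, not the plugin's real code.

// VULNERABLE PATTERN: is_admin() only answers "is this request for an admin-area
// page?" (e.g. admin-ajax.php or admin-post.php). It says nothing about whether
// the visitor is logged in or holds any capability, so an anonymous request
// that reaches this handler passes the check.
function sw_example_vulnerable_save_settings() {
    if ( ! is_admin() ) {
        return; // does NOT stop unauthenticated visitors
    }
    // Raw request data stored by anyone who can reach an admin endpoint; if it is
    // later echoed unescaped, this is exactly a stored XSS.
    update_option( 'sw_example_settings', wp_unslash( $_POST['settings'] ?? '' ) );
}

// HARDENED PATTERN: authorization, anti-CSRF, and input validation.
function sw_example_hardened_save_settings() {
    // 1. Authorization: the current user must be allowed to manage options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'sw-example' ), 403 );
    }
    // 2. Anti-CSRF: the request must carry a nonce issued for this action.
    check_admin_referer( 'sw_example_save_settings' );

    // 3. Input validation: never persist raw request data.
    $raw      = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    $settings = sanitize_text_field( $raw );
    update_option( 'sw_example_settings', $settings );

    wp_safe_redirect( admin_url( 'options-general.php?sw_example_saved=1' ) );
    exit;
}

// Renders the form that posts to the hardened handler. Stored values are
// escaped on output so a value that slipped past validation cannot execute.
function sw_example_render_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="sw_example_save">';
    wp_nonce_field( 'sw_example_save_settings' );
    echo '<input type="text" name="settings" value="'
        . esc_attr( get_option( 'sw_example_settings', '' ) ) . '">';
    submit_button();
    echo '</form>';
}

// Only the logged-in hook is registered (no 'admin_post_nopriv_' variant), so
// anonymous requests to admin-post.php never reach the handler at all.
add_action( 'admin_post_sw_example_save', 'sw_example_hardened_save_settings' );
```

The decisive difference is that `current_user_can()` and `check_admin_referer()` tie the action to an authenticated, authorized user and to a request that user actually initiated, whereas `is_admin()` is a routing hint about the requested page and was never designed as an access control.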

Experts found about 40,000 sites that are using the Social Warfare plugin, most of which are running a vulnerable version.

Vulnerable websites belong to many industries, such as education, finance, and news; experts highlighted that many of these sites receive high traffic.

“There are many exploits in the wild for the Social Warfare plugin and it is likely they will continue to be used maliciously. Since over 75 million websites are using WordPress and many of the high traffic WordPress websites are using the Social Warfare plugin, the users of those websites could be exposed to malware, phishing pages or miners,” concludes Palo Alto Networks. “Website administrators should update the Social Warfare plugin to 3.5.3 or newer version.”


Pierluigi Paganini

(SecurityAffairs – WordPress, Social Warfare plugin)
