Multiple vulnerabilities have been discovered in the WordPress Social Warfare Plugin, the most severe of which could allow for remote code execution. WordPress is a web-based publishing application implemented in PHP, and the Social Warfare Plugin allows users to add social sharing buttons to their content. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution with elevated privileges.
Wordfence has not yet observed exploitation of the remote code execution flaw, but expects attacks to follow now that details of the vulnerabilities have been published. The plugin's developers confirmed in March 2019 that the stored cross-site scripting vulnerability was being actively exploited in the wild.
- WordPress Social Warfare Plugin versions 3.5.1 and 3.5.2
The most severe of these vulnerabilities is a remote code execution flaw in the plugin's site configuration migration script, which executes attacker-controlled options as PHP code through the PHP eval() function. The script requires no authentication, so a remote attacker controls those options simply by sending a request that points the script at a configuration file the attacker hosts. Successful exploitation allows an unauthenticated attacker to run arbitrary PHP in the context of the web server, which is enough to add administrative users, plant backdoors, execute system commands, or perform other malicious activity.
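The following is an added illustration of the flaw class described above, not code from the Social Warfare plugin or its developers. It models a migration helper that fetches a configuration file named by the request and passes its contents to eval(), and places a hardened version beside it that treats configuration as data: administrator capability and nonce checks (real WordPress APIs), a fixed local file instead of a request-supplied URL, json_decode() instead of eval(), and an allowlist of known option keys with type checks. The parameter name `config_url`, the option schema, the export path and all function names are assumptions for the example.

```php
<?php
declare(strict_types=1);
/*
 * Added illustration of the vulnerability class in the advisory: a settings
 * migration helper that fetches a configuration file chosen by the request
 * and runs its contents through eval(). Not Social Warfare's code; parameter,
 * option and function names are assumptions for the example.
 */

// --- Vulnerable pattern ------------------------------------------------------
// No authentication, URL chosen by the caller, fetched body executed as PHP.
// Any text the attacker hosts becomes code running as the web server user.
function vulnerable_load_options(array $request): array
{
    $options = [];
    if (!empty($request['config_url'])) {                       // assumed parameter
        $body = (string) @file_get_contents($request['config_url']);
        // A benign file might contain:  'button_size' => 'large'
        // A hostile one contains:       1); system($_GET['c']); $x = array(
        eval('$options = array(' . $body . ');');               // the bug
    }
    return $options;
}

// --- Hardened pattern --------------------------------------------------------
// Configuration is data: parse it with json_decode(), never eval(), and keep
// only the keys the plugin knows, each checked against its expected type.
const ALLOWED_OPTIONS = [                                       // assumed schema
    'button_size' => 'is_string',
    'show_counts' => 'is_bool',
    'min_shares'  => 'is_int',
];

function parse_options_safely(string $raw): array
{
    try {
        $decoded = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return [];                  // malformed or hostile input: import nothing
    }
    if (!is_array($decoded)) {
        return [];
    }
    $clean = [];
    foreach (ALLOWED_OPTIONS as $key => $typeCheck) {
        if (array_key_exists($key, $decoded) && $typeCheck($decoded[$key])) {
            $clean[$key] = $decoded[$key];
        }
    }
    return $clean;                  // unknown keys and wrong types are dropped
}

// Inside WordPress: require an administrator with a valid nonce, and read a
// fixed local export file rather than a location named by the request.
// current_user_can(), wp_verify_nonce() and wp_die() are WordPress core APIs.
function hardened_load_options(array $request): array
{
    if (!current_user_can('manage_options')
        || !wp_verify_nonce($request['_wpnonce'] ?? '', 'swp_migrate_options')) {
        wp_die('Forbidden', 'Forbidden', ['response' => 403]);
    }
    $path = WP_CONTENT_DIR . '/uploads/social-warfare-export.json'; // assumed path
    if (!is_file($path)) {
        return [];
    }
    return parse_options_safely((string) file_get_contents($path));
}

// --- Stand-alone demo of the parser (php this_file.php) ----------------------
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__) {
    // Constructed inputs: the bytes an attacker's "configuration file" would
    // feed the eval() path, and how the safe parser treats the same bytes.
    $hostile = "1); system('id'); \$x = array(";
    var_dump(parse_options_safely($hostile));      // not JSON: nothing imported

    $valid = json_encode([
        'button_size' => 'large', 'show_counts' => true,
        'min_shares'  => 5,       'wp_admin_users' => ['evil'],
    ]);
    var_dump(parse_options_safely($valid));        // known keys kept, extra dropped

    $wrongTypes = '{"button_size": ["not","a","string"], "min_shares": "5"}';
    var_dump(parse_options_safely($wrongTypes));   // both fail type checks
}
```

The point of splitting the parser out of the WordPress-dependent wrapper is that the part that handles untrusted bytes can be exercised from the command line, as the demo does, without a WordPress install; the wrapper adds the authorization checks that the vulnerable path lacked entirely.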
- Before applying the patch, verify that no unauthorized modifications have occurred on the system, such as new administrative users, added or modified PHP files, or other backdoors; updating the plugin closes the vulnerability but does not remove anything an attacker has already installed.
- After appropriate testing, immediately apply the update provided by the plugin developer to affected systems.
- Apply the Principle of Least Privilege to all systems and services.
- Monitor intrusion detection systems and web server logs for signs of anomalous activity, in particular unauthenticated requests to the plugin's migration script that reference an external configuration file.
- Unless required, limit external network access to affected products.