VYPR

Social Warfare

by WordPress

Source repositories

CVEs (9)

  • CVE-2021-4434CriJan 17, 2024
    risk 0.65cvss 10.0epss 0.02

    The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.

  • CVE-2019-9978MedKEVMar 24, 2019
    risk 0.61cvss 6.1epss 0.74

    The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

  • CVE-2024-6297CriJun 25, 2024
    risk 0.58cvss 10.0epss 0.01

    Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new,…

  • CVE-2025-26973MedFeb 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare social-warfare allows DOM-Based XSS.This issue affects Social Warfare: from n/a through <= 4.5.5.

  • CVE-2024-1959MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2023-4842MedNov 7, 2023
    risk 0.35cvss 6.4epss 0.01

    The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2023-0403MedJan 19, 2023
    risk 0.35cvss 5.4epss 0.00

    The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta…

  • CVE-2023-0402MedJan 19, 2023
    risk 0.35cvss 5.4epss 0.01

    The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to…

  • CVE-2024-34825MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.This issue affects Social Warfare: from n/a through 4.4.5.1.