cpe:/a:warfareplugins:social_warfare:2.0.4::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.0.5::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.0.6::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.0.7::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.1.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.1.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.1.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.1.3::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.3::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.4::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.5::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.6::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.7::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.8::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.9::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.10::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.2.11::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.3.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.3.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.3.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.3.3::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.3.4::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:2.3.5::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.0.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.0.8::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.0.9::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.1.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.1.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.2.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.2.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.3.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.3.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.3.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.4.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.4.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.4.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.5.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.5.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare:3.5.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.3::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.4::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.5::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.6::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.7::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.8::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.9::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.10::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.2.11::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.3.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.3.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.3.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.3.3::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:2.3.4::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.2.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.2.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.3.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.3.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.3.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.3.3::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.4.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.4.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.4.2::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.5.0::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.5.1::~~~wordpress~~ cpe:/a:warfareplugins:social_warfare_pro:3.5.2::~~~wordpress~~ CVE-2019-9978 2019-03-24T11:29:00.243-04:00 2019-05-07T14:43:33.057-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2019-05-03T08:40:23.233-04:00 EXPLOIT-DB 46794 MISC http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html MISC https://blog.sucuri.net/2019/03/zero-day-stored-xss-in-social-warfare.html MISC https://twitter.com/warfareplugins/status/1108852747099652099 MISC https://wordpress.org/plugins/social-warfare/#developers MISC https://wpvulndb.com/vulnerabilities/9238 MISC https://www.cybersecurity-help.cz/vdb/SB2019032105 MISC https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/ MISC https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/ The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.