Exploits in the Wild for WordPress Social Warfare Plugin CVE-2019-9978

Unit 42 releases new details on two vulnerabilities in Social Warfare (CVE-2019-9978). Both vulnerabilities are present in all versions of Social Warfare prior to 3.5.3: an estimated 42,000 websites are potentially vulnerable. Unit 42 researchers found five compromised sites actively used for hosting malicious exploit code, which allows the attackers to control more websites. In this blog post we provide new details on the root cause of the vulnerabilities, proof of concept code (PoC) to demonstrate the vulnerability, and information on attacks we observed in the wild as well as the scope of vulnerable sites.