cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6297,https://securityvulnerability.io/vulnerability/CVE-2024-6297,Malicious PHP Scripts Injected into Compromised WordPress Plugins,"A significant vulnerability has emerged involving several WordPress plugins that have been compromised through malicious code injection. This vulnerability has permitted threat actors to alter the source code of multiple plugins, embedding harmful PHP scripts designed to exfiltrate sensitive database credentials. Furthermore, the compromised plugins are enabling the creation of unauthorized administrator users, thereby escalating the potential for data breaches and further exploitation. Currently, many affected plugins have not been remediated, and it is strongly advised to uninstall these plugins and conduct thorough malware scans to ensure the integrity of websites.",Wordpress,"Social Sharing Plugin – Social Warfare,Contact Form 7 Multi-step Addon,Simply Show Hooks,Wrapper Link Elementor,Blaze Retail Widget",10,CRITICAL,0.0004400000034365803,false,,false,false,false,,false,false,2024-06-25T03:30:37.970Z,0
CVE-2024-1959,https://securityvulnerability.io/vulnerability/CVE-2024-1959,Stored Cross-Site Scripting in Social Warfare Plugin for WordPress,"The Social Warfare plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through the 'socialWarfare' shortcode due to inadequate input sanitization and output escaping of user-supplied attributes. This flaw allows authenticated attackers with contributor-level permissions or higher to inject malicious scripts into pages, leading to potential execution whenever users access those compromised pages. It is vital for website administrators using the affected versions to implement immediate security measures to mitigate this threat.",Wordpress,Social Sharing Plugin – Social Warfare,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:45.942Z,0
CVE-2021-4434,https://securityvulnerability.io/vulnerability/CVE-2021-4434,Remote Code Execution Vulnerability in Social Warfare Plugin for WordPress,"The Social Warfare plugin for WordPress presents a significant security issue due to a vulnerability that enables Remote Code Execution. This flaw, affecting versions up to 3.5.2, arises from improper handling of the 'swp_url' parameter, allowing attackers to inject and execute malicious code on the server hosting the affected website. Exploitation of this vulnerability could lead to complete compromise of the targeted WordPress installation, making it critical for site owners to update to the latest version or apply necessary patches to mitigate potential risks.",Wordpress,Social Sharing Plugin – Social Warfare,9.8,CRITICAL,0.04656999930739403,false,,false,false,false,,false,false,2024-01-17T08:31:03.955Z,0
CVE-2023-4842,https://securityvulnerability.io/vulnerability/CVE-2023-4842,Stored Cross-Site Scripting Vulnerability in Social Warfare Plugin for WordPress,"The Social Warfare plugin for WordPress has been found to be vulnerable to Stored Cross-Site Scripting via the 'social_warfare' shortcode, affecting versions up to and including 4.4.3. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level permissions or higher can exploit this weakness to inject malicious web scripts into pages, which will execute when other users visit the compromised pages. This exposure highlights the importance of secure coding practices, particularly around user inputs in web applications.",Wordpress,Social Sharing Plugin – Social Warfare,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-11-07T12:15:00.000Z,0
CVE-2023-0402,https://securityvulnerability.io/vulnerability/CVE-2023-0402,Authorization Bypass in Social Warfare Plugin for WordPress,"The Social Warfare plugin for WordPress has a significant vulnerability that allows authenticated users with minimal permissions to bypass authorization controls. Specifically, a missing capability check on several AJAX actions enables these users to delete post meta information and reset network access tokens. This flaw affects versions of the plugin up to and including 4.3.0, making it critical for site administrators to apply updates promptly to safeguard against unauthorized actions.",Wordpress,Social Sharing Plugin – Social Warfare,5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2023-01-19T15:15:00.000Z,0
CVE-2023-0403,https://securityvulnerability.io/vulnerability/CVE-2023-0403,Cross-Site Request Forgery in Social Warfare Plugin for WordPress,"The Social Warfare plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in its AJAX functions. This vulnerability allows unauthenticated attackers to manipulate post meta information and reset network access tokens, provided they can deceive an administrator into executing certain actions, such as clicking a compromised link.",Wordpress,Social Sharing Plugin – Social Warfare,5.4,MEDIUM,0.0008200000156648457,false,,false,false,false,,false,false,2023-01-19T15:15:00.000Z,0