.. / CVE-2019-9978

Exploit for WordPress Social Warfare <3.5.3 - Cross-Site Scripting (CVE-2019-9978)

Description:

WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.

Nuclei Template

View the template here CVE-2019-9978.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-9978.yaml

References:

https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/
https://www.cybersecurity-help.cz/vdb/SB2019032105
https://github.com/mpgn/CVE-2019-9978
https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/
https://nvd.nist.gov/vuln/detail/CVE-2019-9978

.. / CVE-2019-9978 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Social Warfare <3.5.3 - Cross-Site Scripting (CVE-2019-9978)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-9978