WordPress’ Social Share Plugin Exploited
Threat Level: 3
WordPress, the most popular open source Content Management System, is dealing with the aftermath of a hack that affected one of its most used plugins, Social Warfare. To give you an idea of how popular the Social Warfare plugin is, it has accumulated more than 900,000 downloads. The hacking campaigns exploit two critical security vulnerabilities affecting WordPress websites.
The first vulnerability is a Cross-Site Scripting (XSS) flaw found in Social Warfare installations (v3.5.1 and v3.5.2), which attackers use to add malicious redirects. The other is a remote code execution (RCE) vulnerability. Version 3.5.3 of the Social Warfare plugin fixes these issues.
Since many websites are still using an outdated version of the Social Warfare plugin, it is highly recommended to update to version 3.5.3 or newer as soon as possible. Otherwise, attackers will continue to target WordPress users and jeopardize their privacy and security.
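To find sites that still need the update, the added example below (not from the original article or the plugin's developers) audits a list of WordPress web roots by reading the `Version:` line of the plugin header and comparing it with the versions named above. The plugin path `wp-content/plugins/social-warfare/social-warfare.php` and the sample sites are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed (not from the article): plugin directory slug and main file name.
PLUGIN_MAIN = Path("wp-content/plugins/social-warfare/social-warfare.php")
FIXED = (3, 5, 3)                      # fixed release named in the article
XSS_AFFECTED = {(3, 5, 1), (3, 5, 2)}  # versions the article ties to the XSS
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(header_text):
    m = VERSION_RE.search(header_text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "3.5" to (3, 5, 0)

def classify(version):
    if version is None:
        return "unknown"  # header missing or unparsable: inspect by hand
    if version in XSS_AFFECTED:
        return "vulnerable"
    return "outdated" if version < FIXED else "ok"

def audit(web_roots):
    """Map each web root to (status, version) for the Social Warfare plugin."""
    report = {}
    for root in web_roots:
        main = Path(root) / PLUGIN_MAIN
        if not main.is_file():
            report[str(root)] = ("absent", None)
            continue
        head = main.read_bytes()[:8192].decode("utf-8", "replace")  # WordPress reads 8 KiB
        version = parse_version(head)
        report[str(root)] = (classify(version), version)
    return report

def demo():
    samples = {"shop": "3.5.2", "blog": "3.5.3", "old": "3.4", "bare": None}  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples.items():
            if ver:
                main = Path(tmp, name) / PLUGIN_MAIN
                main.parent.mkdir(parents=True)
                main.write_text(f"<?php\n/**\n * Plugin Name: Social Warfare\n * Version: {ver}\n */\n")
        found = audit(Path(tmp, name) for name in samples)
    return {Path(root).name: result for root, result in found.items()}

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the actual document roots to `audit()`. An `outdated` result is a version below 3.5.3 other than the two the article names, and should be updated as well.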