Vulnerabilities (CVE)

Filtered by vendor Warfareplugins Subscribe
Filtered by product Social Warfare
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0403 1 Warfareplugins 1 Social Warfare 2023-01-25 N/A 5.4 MEDIUM
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-0402 1 Warfareplugins 1 Social Warfare 2023-01-25 N/A 5.4 MEDIUM
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset network access tokens.
CVE-2019-9978 1 Warfareplugins 2 Social Warfare, Social Warfare Pro 2021-07-30 4.3 MEDIUM 6.1 MEDIUM
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.