
Critical vulnerabilities in Social Warfare, a plugin for WordPress sites

Cyber forensics course specialists report an active campaign exploiting two critical vulnerabilities in Social Warfare, one of the most widely used social media plugins, to take control of WordPress websites running an outdated version of the plugin.

Social Warfare is a plugin widely used by WordPress site administrators and has been downloaded almost a million times. Its main function is adding buttons to pages so that visitors can share content on social media platforms.

The latest version of the plugin (3.5.3) was released at the end of March and contains fixes for a remote code execution vulnerability and a cross-site scripting flaw; both vulnerabilities are tracked under a single identifier (CVE-2019-9978), as reported by cyber forensics course specialists.

Reports indicate that an attacker could exploit this pair of flaws to execute arbitrary PHP code and take control of a compromised website; the purpose of the activity appears to be using those sites for cryptocurrency mining or for hosting malicious code.

Reports from the International Institute of Cyber Security (IICS) mention that, shortly after the Social Warfare update was released, a proof-of-concept exploit for the cross-site scripting vulnerability was publicly disclosed. Shortly thereafter, attackers began attempting to exploit it; at that point there was still no evidence of in-the-wild exploitation of the remote code execution vulnerability.

However, cyber forensics course specialists subsequently found exploits targeting both vulnerabilities: the remote code execution exploit gives attackers control of the compromised website, while the XSS exploit redirects the site's visitors to an advertising website.

It is believed that around 35k WordPress sites still run an outdated version of the Social Warfare plugin, which exposes a considerably larger number of users: every visitor to those sites. Experts believe the exploitation campaign is still active, so they recommend that WordPress site admins update to the latest version of Social Warfare as soon as possible to mitigate the risk of exploitation.
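As an added example, not part of the original report, the following Python script performs the check the advice above implies: it reads the "Version:" line from the plugin's main PHP file header (the standard WordPress plugin header format) and compares the installed version numerically against 3.5.3, the release the article identifies as carrying the fix for CVE-2019-9978. The file location wp-content/plugins/social-warfare/social-warfare.php and the sample header contents are assumptions made for the example, not details taken from the article.

```python
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Release that the report names as containing the fix for CVE-2019-9978.
# Anything older is treated as vulnerable.
FIXED_VERSION = "3.5.3"

# Constructed sample of a WordPress plugin main-file header, in the
# "Key: Value" comment-block format that wp-admin itself parses.
# The version number here is made up for the example.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Social Warfare
 * Plugin URI:  https://example.invalid/social-warfare
 * Description: Adds social sharing buttons to posts and pages.
 * Version:     3.5.2
 * Author:      Example Author
 */
"""

# Assumed location of the plugin's main file inside wp-content/plugins.
PLUGIN_MAIN_FILE = Path("social-warfare") / "social-warfare.php"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.5.10' into (3, 5, 10) so comparisons are numeric.
    A plain string compare would wrongly rank '3.5.10' below '3.5.3'."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def plugin_version_from_header(source: str) -> Optional[str]:
    """Extract the 'Version:' header value from a plugin's main PHP file.
    Returns None when no such header line exists (unknown, not safe)."""
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", source, re.MULTILINE)
    return match.group(1) if match else None


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the patched release."""
    return parse_version(version) < parse_version(fixed)


def check_install(plugins_dir: str) -> dict:
    """Inspect a wp-content/plugins directory for Social Warfare.
    'vulnerable' is None when the plugin is present but its version
    could not be read, so that case is never silently treated as patched."""
    main_file = Path(plugins_dir) / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return {"installed": False, "version": None, "vulnerable": False}
    version = plugin_version_from_header(main_file.read_text(errors="replace"))
    if version is None:
        return {"installed": True, "version": None, "vulnerable": None}
    return {"installed": True, "version": version,
            "vulnerable": is_vulnerable(version)}


def demo() -> dict:
    """Build a throwaway plugins directory holding the constructed sample
    header and run the check against it; returns the check result."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin_dir = Path(tmp) / PLUGIN_MAIN_FILE.parent
        plugin_dir.mkdir()
        (Path(tmp) / PLUGIN_MAIN_FILE).write_text(SAMPLE_PLUGIN_HEADER)
        return check_install(tmp)


if __name__ == "__main__":
    import sys
    # Usage: python check_social_warfare.py /path/to/wp-content/plugins
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(check_install(target) if target else demo())
```

Run it against a real install by passing the path to wp-content/plugins; with no argument it runs the constructed sample and reports version 3.5.2 as vulnerable. Where WP-CLI is available, `wp plugin list` gives the same version information without reading files directly.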
