22 March 19, 18:32
Quote:The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.
A popular WordPress plugin is urging users to update as soon as possible after it patched a vulnerability that was being exploited in the wild. If users cannot update, developers recommended they disable the plugin.
The plugin, Social Warfare, lets users add social media sharing buttons to their websites. Social Warfare has an active install base of over 70,000 sites and over 805,000 downloads. Wordfence said that the most recent version of the plugin (3.5.2) was plagued by a stored cross-site scripting vulnerability. Worse, researchers have identified attacks in the wild against the vulnerability.
“The flaw allows attackers to inject malicious JavaScript code into the social share links present on a site’s posts,” said Mikey Veenstra with Wordfence in a Thursday post.
SOURCE: https://threatpost.com/wordpress-plugin-...ed/143051/