• Alvaro Gómez

    (@mrfoxtalbot)


    The www.ads-software.com Plugin Review Team was notified that a malicious actor had taken over Social Sharing Plugin – Social Warfare. As a result, versions 4.4.6.4 to 4.4.7.1 of the plugin created users with administrative privileges.

    The Plugin Review Team has disabled it and released a “clean” updated version: 4.4.7.3. Please update immediately.

    If you have used versions 4.4.6.4 to 4.4.7.1 of the Social Warfare plugin, we strongly recommend you do an in-depth review of your site’s activity and user account details.

Viewing 4 replies - 1 through 4 (of 4 total)
  • NerdPress

    (@nerdpressteam)

    Thank you!

    I am having vulnerability issues / created users with administrative privileges with 4.4.8, so it would appear this issue hasn’t been resolved.

    Thread Starter Alvaro Gómez

    (@mrfoxtalbot)

    The issue should be patched by updating to 4.4.7.3.

    @sarahsbakestudio, are you 100% sure these new users were not added (and possibly edited manually by the attacker) prior to the update?

    I am absolutely certain that the new user didn’t show up until AFTER I already had the patched update. Jetpack has been telling me that SW has vulnerabilities for the last month and I have been contacting SW weekly in regards to it, so I’ve been very watchful of new unauthorized users. The only way I can get rid of the user is by getting rid of SW.

    I could be wrong about this, but I was also under the impression that if I had unauthorized users with versions 4.4.6.4 to 4.4.7.1 (which I did not), the updated version would have gotten rid of them AND stopped future vulnerabilities.
