Lucene search

[email protected]CVE-2021-4434

HistoryJan 17, 2024 - 9:15 a.m.

CVE-2021-4434

2024-01-1709:15:25

[email protected]

web.nvd.nist.gov

cve-2021-4434

social warfare plugin

wordpress

remote code execution

vulnerability

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the ‘swp_url’ parameter. This allows attackers to execute code on the server.

Affected configurations

Vulners

NVD

Node

warfarepluginssocial_warfareRange<3.5.3

VendorProductVersionCPE
warfarepluginssocial_warfare*cpe:2.3:a:warfareplugins:social_warfare:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
warfareplugins	social_warfare	*	cpe:2.3:a:warfareplugins:social_warfare::::::::

CNA Affected

[
  {
    "vendor": "warfareplugins",
    "product": "Social Sharing Plugin – Social Warfare",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThan": "3.5.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html

www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2021-4434

nvd1 prion1 cvelist1