Zero-Day Stored XSS in Social Warfare

Zero-Day Stored XSS in Social WarfareA zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin.

The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the site.

The plugin authors have released a patch and users are advised to update to version 3.5.3 as soon as possible.

Continue reading Zero-Day Stored XSS in Social Warfare at Sucuri Blog.

Source: Scuri check