CVE-2021-4434

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:warfareplugins:social_warfare:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:37

Type Values Removed Values Added
References () https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve - Third Party Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 10.0

21 Oct 2024, 12:35

Type Values Removed Values Added
CWE CWE-94

24 Jan 2024, 16:02

Type Values Removed Values Added
CPE cpe:2.3:a:warfareplugins:social_warfare:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve - Third Party Advisory
References () https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html - () https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
CWE NVD-CWE-noinfo
First Time Warfareplugins
Warfareplugins social Warfare

17 Jan 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-17 09:15

Updated : 2024-11-21 06:37


NVD link : CVE-2021-4434

Mitre link : CVE-2021-4434

CVE.ORG link : CVE-2021-4434


JSON object : View

Products Affected

warfareplugins

  • social_warfare
CWE
NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')