Social Warfare
Monthly
Remote code execution in the Social Warfare WordPress plugin (versions ≤ 3.5.2) allows unauthenticated attackers to run arbitrary code on the server via the 'swp_url' parameter. Publicly available exploit code exists and the issue carries a maximum CVSS 10.0 with scope change, while the EPSS score of 7.99% (92nd percentile) signals meaningfully elevated exploitation interest. The flaw was reported by Wordfence and primarily threatens WordPress sites still running this abandoned/legacy plugin version.
Remote code execution in the Social Warfare WordPress plugin (versions ≤ 3.5.2) allows unauthenticated attackers to run arbitrary code on the server via the 'swp_url' parameter. Publicly available exploit code exists and the issue carries a maximum CVSS 10.0 with scope change, while the EPSS score of 7.99% (92nd percentile) signals meaningfully elevated exploitation interest. The flaw was reported by Wordfence and primarily threatens WordPress sites still running this abandoned/legacy plugin version.