Social Warfare announced via Twitter on March 21, 2019, a new version 3.5.3 was released due to a cross-site scripting (XSS) WordPress vulnerability that was discovered yesterday. The social sharing plugin allows users to share social media links in the form of buttons on their website and comments, making it easier for their readers’ to quickly access the websites’ social media pages.
The XSS vulnerability identified allows attackers to inject JavsScript code into social share links which affects over 70,000 active users. This zero-day WordPress vulnerability follows a zero-day security flaw that was discovered and fixed in WordPress Easy WP SMTP plugin, on March 18, 2019.
All users are strongly urged to update the latest version 3.5.3 to avoid potential malicious redirects on their social media links.
WordPress sites protected with SiteLock INFINITY are already protected as a result of the product’s daily automated malware scans, core CMS security patches, and database protection. Get more information on INFINITY today! We’re available 24/7 via phone, email, or live chat to help.