Earlier today, it was announced that the popular social media sharing plugin, “Social Warfare” has been found to have a serious security vulnerability. This is a “Zero-Day” vulnerability in that the proof of concept has been released before the plugin code writers have released a secured version. The full proof of concept may be found here.
We can assure our clients that this plugin has never been installed on any of the websites we have built, so unless the site owners have installed it, there is nothing to worry about.
If you have this plugin installed, you should immediately deactivate and remove it until the plugin developers have released a fix for the vulnerability.
Our security guy, Peter, is investigating the matter further and may have more information.
The “Social Warfare” free version has been removed from the WordPress plugin repository as a result of the discovered vulnerability, but at the time of this writing, there is no information on the developer’s website. It’s estimated that over 70,000 websites have this plugin installed.