A Security Message from the Plugin Review Team

Social Sharing Plugin – Social Warfare · support · 2024-06-24T10:26:00+00:00

Conversation

support
Alvaro Gómez unresolved
The WordPress.org Plugin Review Team was notified that a malicious actor had taken over Social Sharing Plugin – Social Warfare. As a result, versions 4.4.6.4 to 4.4.7.1 of the plugin created users with administrative privileges. The Plugin Review Team has disabled it and released a “clean” updated version: 4.4.7.3. Please update immediately.

If you have used versions 4.4.6.4 to 4.4.7.1 of the Social Warfare plugin, we strongly recommend you do an in-depth review of your site’s activity and user account details.

This topic was modified 1 year, 11 months ago by Alvaro Gómez.

Comments

NerdPress 2024-06-24T17:43:00+00:00

Thank you!

sarahsbakestudio 2024-07-27T21:25:00+00:00

I am having vulnerability issues / created users with administrative privileges with 4.4.8, so it would appear this issue hasn’t been resolved.

Alvaro Gómez 2024-07-28T11:13:00+00:00

The issue should be patched by updating to 4.4.7.3. @sarahsbakestudio, are you 100% sure these new users were not added (and possibly edited manually by the attacker) prior to the update?

sarahsbakestudio 2024-07-28T17:48:00+00:00

I am absolutely certain that the new user didn’t show up until AFTER I already had the patched update. Jetpack has been telling me that SW has vulnerabilities for the last month and I have been contacting SW weekly in regards to it, so I’ve been very watchful of new unauthorized users. The only way I can get rid of the user is by getting rid of SW. I could be wrong about this, but I was also under the impression that if I had unauthorized users with versions 4.4.6.4 to 4.4.7.1 (which I did not), that the updated version would have gotten rid of them AND stop future vulnerabilities.
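
Added example, not part of the thread and not code from the Plugin Review Team or the plugin: one way to carry out the account review the advisory asks for and to check whether an unrecognised administrator predates the update, as asked in the replies. The CSV sample, the known-login set and the update time are constructed; the CSV is assumed to have the shape WP-CLI's `wp user list` produces.

```python
import csv
import io
from datetime import datetime

# Affected range as stated in the advisory: 4.4.6.4 through 4.4.7.1.
AFFECTED_MIN, AFFECTED_MAX = (4, 4, 6, 4), (4, 4, 7, 1)

def parse_version(text):
    """'4.4.7.1' -> (4, 4, 7, 1); tuples compare component by component."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version):
    """True if the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def review_admins(admin_csv, known_logins, updated_at):
    """Return (login, registered, timing) for each administrator that is not
    in known_logins. user_registered is a database value that can be altered
    after the fact, so the timing is a hint, not proof."""
    findings = []
    for row in csv.DictReader(io.StringIO(admin_csv)):
        if row["user_login"] in known_logins:
            continue
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        timing = "before-update" if registered < updated_at else "after-update"
        findings.append((row["user_login"], row["user_registered"], timing))
    return findings

# Constructed sample, shaped like the CSV from:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_ADMINS = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2019-03-02 10:15:00
7,editor_anna,anna@example.com,2022-11-19 08:40:12
23,wp_support_x,unknown@example.net,2024-06-21 03:14:07
"""

if __name__ == "__main__":
    installed = "4.4.7.1"                        # constructed: version before updating
    updated_at = datetime(2024, 6, 25, 9, 0, 0)  # constructed: when 4.4.7.3 was installed
    print(f"{installed} in affected range: {is_affected(installed)}")
    for login, registered, timing in review_admins(
            SAMPLE_ADMINS, {"siteowner", "editor_anna"}, updated_at):
        print(f"unrecognised admin {login!r} registered {registered} ({timing})")
```

An account flagged `before-update` would have survived the update, since replacing plugin files does not touch the users table; any flagged account should be compared against the site's own access logs before it is trusted or deleted.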