MainWP Blog

Social Warfare Plugin Vulnerability
Tips & Tricks
Sebastian Moran

Social Warfare Plugin Vulnerability Temp Deactivate Now

If you are using the Social Warfare plugin on any child sites (including the pro version of the plugin), deactivate the plugin on any child sites and wait for an update to be released. Wordfence has more about the issue in the plugin, which states that it is a stored Cross-Site Scripting (XSS) vulnerability.  Sucuri also put out a post about the specific issue. Wordfence has updated the original post to include more information about the attack and what exactly was happening. The plugins downloads have been temporarily closed at WordPress.org. The only other information about the issue is that

Easy WP SMTP Plugin Vulnerability Update Immediately
Tips & Tricks
Sebastian Moran

Easy WP SMTP Plugin Vulnerability Update Immediately

If you are using the plugin Easy WP SMTP for sending site emails using SMTP, make sure that you update to version 1.3.9.1. Do not delay updating any of your child sites, as using the unfixed version of the plugin gives your child site a high chance of being hacked. For more information about the critical zero-day vulnerability issue in Easy WP SMTP plugin, you can read this post. WPScan also has more information. The hack will take the form of an admin user being created, due to a vulnerability in the older unpatched version of the plugin. The siteurl

Looking for something?