Zero-Day Stored XSS in Social Warfare
A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin.
The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the site.
A patch has been released and users are advised to update to version 3.5.3 as soon as possible.
What Is It All About?