Description
WordPress Plugin Social Sharing-Social Warfare contains malicous code. Exploiting this issue may allow an attacker to create a new administrative user account, thus compromising the affected application, and possibly the webserver or computer. WordPress Plugin Social Sharing-Social Warfare versions 4.4.6.4 - 4.4.7.1 are affected.
Remediation
Update to plugin version 4.4.7.3 or latest
References
https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
https://plugins.svn.wordpress.org/social-warfare/trunk/readme.txt
Related Vulnerabilities
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5288)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.9.1)
WordPress Plugin CM Footnotes Cross-Site Scripting (1.1.4)
WordPress Plugin Multisite Plugin Manager Multiple Cross-Site Scripting Vulnerabilities (3.1.1)