Full Disclosure mailing list archives

Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2)

From: Housma mardini <housma () gmail com>
Date: Fri, 30 May 2025 13:31:42 +0400

Hi,

I am submitting an exploit for *CVE-2019-9978*, a remote code execution
vulnerability in the Social Warfare WordPress plugin (version <= 3.5.2).

*Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare
WordPress Plugin (<= 3.5.2)

*Date*: 2025-05-20

*Exploit Author*: Huseyin Mardinli

*Vendor Homepage*: https://warfareplugins.com/

*Software Link*: https://wordpress.org/plugins/social-warfare/

*Version*: <= 3.5.2

*Tested on*: Apache, Ubuntu 20.04

*CVE*: CVE-2019-9978

Please find the attached Python exploit code for this vulnerability.

Best regards,
Huseyin Mardinli

Attachment: exploit (1).py
Description:

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

Exploit CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2) Housma mardini (Jun 03)