CVE-2019-9978: CVE-2019-9978

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-9978

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress social-warfare插件跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。social-warfare plugin是使用在其中的一个社交平台分享插件。 WordPress social-warfare插件3.5.3之前版本中存在跨站脚本漏洞。远程攻击者可借助‘swp_url’参数利用该漏洞注入恶意的JavaScript脚本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2019-9978

#	POC Description	Source Link	Shenlong Link
1	CVE-2019-9978 - RCE on a Wordpress plugin: Social Warfare < 3.5.3	https://github.com/mpgn/CVE-2019-9978	POC Details
2	CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)	https://github.com/hash3liZer/CVE-2019-9978	POC Details
3	Wordpress Social Warfare Remote Code Execution (AUTO UPLOAD SHELL)	https://github.com/KTN1990/CVE-2019-9978	POC Details
4	cve-2019-9978	https://github.com/cved-sources/cve-2019-9978	POC Details
5	Social WarFare Plugin (<=3.5.2) Remote Code Execution	https://github.com/d3fudd/CVE-2019-9978_Exploit	POC Details
6	Remote Code Execution in Social Warfare Plugin before 3.5.3 for Wordpress.	https://github.com/grimlockx/CVE-2019-9978	POC Details
7	python3 version of the CVE-2019-9978 exploit	https://github.com/h8handles/CVE-2019-9978-Python3	POC Details
8	None	https://github.com/20dani09/CVE-2019-9978	POC Details
9	cve-2019-9978 PoC	https://github.com/0xMoonrise/cve-2019-9978	POC Details
10	None	https://github.com/MAHajian/CVE-2019-9978	POC Details
11	A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting versions below 3.5.3.	https://github.com/echoosso/CVE-2019-9978	POC Details
12	WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-9978.yaml	POC Details
13	The `swp_debug` parameter in `admin-post.php` allows remote attackers to include external files containing malicious PHP code, which are evaluated on the server. By supplying a crafted URL that hosts a reverse shell payload, an attacker can gain command execution.	https://github.com/Housma/CVE-2019-9978-Social-Warfare-WordPress-Plugin-RCE	POC Details
14	payload txt	https://github.com/xxoprt/payloadCVE-2019-9978	POC Details
15	A custom Python proof-of-concept showcasing root-cause analysis and exploitation of CVE 2019-9978 (Social Warfare plugin),focusing on practical RFI to RCE attack flow.	https://github.com/Vaidehim55/CVE-2019-9978-RCE-PoC	POC Details
16	POC (RCE) -> CVE-2019-9978	https://github.com/yup-Ivan/CVE-2019-9978	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-9978

Please Login to view more intelligence information

https://twitter.com/warfareplugins/status/1108852747099652099x_refsource_MISC
https://blog.sucuri.net/2019/03/zero-day-stored-xss-in-social-warfare.htmlx_refsource_MISC
https://wordpress.org/plugins/social-warfare/#developersx_refsource_MISC
https://wpvulndb.com/vulnerabilities/9238x_refsource_MISC
http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.htmlx_refsource_MISC
https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/x_refsource_MISC
https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/x_refsource_MISC
https://www.cybersecurity-help.cz/vdb/SB2019032105x_refsource_MISC
http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.htmlx_refsource_MISC
https://www.exploit-db.com/exploits/46794/exploitx_refsource_EXPLOIT-DB
https://nvd.nist.gov/vuln/detail/CVE-2019-9978

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2019-9978

Anonymous User

2025-09-09 10:09:40

Venture into the epic sandbox of EVE Online. Shape your destiny today. Conquer alongside millions of pilots worldwide. <a href=https://www.eveonline.com/signup?invc=46758c20-63e3-4816-aa0e-f91cff26ade4>Download free</a>

Anonymous User

2026-01-15 06:09:48

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2019-9978

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-9978

III. Intelligence Information for CVE-2019-9978

IV. Related Vulnerabilities

V. Comments for CVE-2019-9978

Anonymous User

Anonymous User

Leave a comment