The critical security vulnerabilities of one of the popular social media sharing plugins – Social Warfare, was exploited by hackers in order to take control of the WordPress websites still running a vulnerable version of the plugin, used to add social share buttons.
Although a patched new version of the plugin was published in March, a security researcher published a full disclosure of how the vulnerability could be exploited. Thus, hackers can take complete control of the websites and servers, without any authentication and redirect the victims to ads websites. Also, the attackers use compromised sites to host malicious code or perform digital coin mining.
The Social Warfare plugin’s vulnerable version seems to be still used by more than 85% of the WordPress active sites, meaning that hundreds of millions of visitors are at the risk of hacking.
The only real solution is an update for the Social Warfare plugin to the newest version.