NVD disclosure day

Published threat advisories for March 24, 2019

CVE advisoryKnown Exploit

CVE-2019-9978

WordPress Social Warfare Plugin Cross-Site Scripting Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

The Social Warfare and Social Warfare Pro WordPress plugins contain a stored cross-site scripting vulnerability. This flaw could allow an attacker to inject malicious scripts, potentially leading to unauthorized actions or data compromise. This vulnerability has been exploited in the wild.

NVD published: • CISA KEV