Support » Plugin: WordPress Social Sharing Plugin - Social Warfare » Malware into new update!

  • Resolved noodweerenelux

    (@noodweerenelux)


    Unbelievable. You pay for a premium plugin and all of a sudden the plugin gets injected with suspicious malware towards strange sites!

    Deactivated this plugin and will not renew my subscription omg.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author holas84

    (@holas84)

    We found out about this just over 2 hours ago and started working frantically on a solution. We have now both patched the vulnerability and made it so that any affected sites will be automatically fixed immediately upon installing 3.5.3. We just published this version about 10 minutes ago that will immediately fix this issue. It won’t be available until WordPress reviews the new version and reactivates the plugin.

    In the meantime, you can get the fixed version directly from our website here:
    https://warfareplugins.com/updates/social-warfare/social-warfare.zip

    We are super upset and distressed about this, as I’m sure you can all imagine. Hackers suck and it’s horrible that we live in a world where people do this. But at the end of the day, it was still our fault for having the vulnerability for them to be able to take advantage of. We’re more sorry about this whole ordeal than any of you could possibly imagine, and we’re thankful for a lot of the support and wonderful kindness that the vast majority of you have sent our way during this.

    Plugin Contributor Christine

    (@cdegraff1)

    On the afternoon of March 21, 2019, we were made aware of a zero-day vulnerability affecting websites using the Social Warfare plugin.

    Our development team has submitted Social Warfare V3.5.3 to the WordPress update-repository, which addresses this vulnerability and undoes any changes it makes. Please log in to your WordPress dashboard and apply this update as soon as possible.

    You can also manually download and install these updates directly via these links:

    Social Warfare:
    https://warfareplugins.com/updates/social-warfare/social-warfare.zip

    Social Warfare Pro:
    https://warfareplugins.com/updates/social-warfare-pro/social-warfare-pro.zip

    If you are not able to immediately apply this update, we recommend that you disable Social Warfare and Social Warfare Pro until you can apply the V3.5.3 update.

    Do we need to delete something in the database table? Is the malicious eval() still in the database after installing the new updated plugin, or do we need to manually delete that malicious eval? If we need to delete it, can you tell us how to do that?

    Plugin Contributor Christine

    (@cdegraff1)

    No, our fix deletes it for you.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Hi! I’m closing this topic for a few reasons.

    1. The original poster is a premium user. While they can leave a review here, as that’s allowed for upsell plugins like this one, premium users can’t post for support here. That’s not allowed.

      https://wordpress.org/support/guidelines/#do-not-post-about-commercial-products

    2. This topic is a pile on. I’ve archived the replies. Some of the replies were just plain venting and more than a little pissed off. That’s understandable to a point but not productive or for these forums.

      If you legitimately need help, if you are not a customer of this plugin, if you are a user of the plugin from the WordPress repo then you can start your own topic for help.

      https://wordpress.org/support/plugin/social-warfare/#new-post

      That’s how these forums work. If you need support then per the forum guidelines please start your own topic.

      https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too

    3. If you are a customer then contact the author on their own site. Not here.

    4. This plugin has been updated with the fix. If you have not already, update now.

    5. If you are concerned that you’ve been hacked then give this a read to delouse your WordPress installation.

      https://wordpress.org/support/article/faq-my-site-was-hacked/

      When you have successfully deloused your site then consider giving this a read too.

      https://wordpress.org/support/article/hardening-wordpress/

    6. If you do leave a review then USE YOUR WORDS. Being upset is understandable but no one here is anyone’s punching bag. Keep it to the facts and leave name calling out of it.

    *Re-reads.*

    I’ll be surprised if the formatting works but that’s it for this topic and post.

  • The topic ‘Malware into new update!’ is closed to new replies.