0xploit.com

Web RCE, (WordPress) Social Warfare Plugin <=3.5.2, CVE-2019-9978

Joined
May 2, 2023
Messages
3
Hellcoins
♆32
CVE-2019-9978 is a remote code execution vulnerability that affected versions of the Social Warfare plugin for WordPress up to and including version 3.5.2. This vulnerability allowed an attacker to execute arbitrary code on a vulnerable website by exploiting a vulnerability in the plugin's REST API.

The vulnerability was caused by the plugin's failure to properly validate user input, specifically the 'id' parameter in the plugin's social-warfare/public/api/social-warfare-share-image.php file. An attacker could send a specially crafted request to this endpoint and include malicious code in the 'id' parameter, which would then be executed on the server.

 

bits

New member
Joined
Oct 15, 2023
Messages
21
Hellcoins
♆35
CVE-2019-9978 is a remote code execution vulnerability that affected versions of the Social Warfare plugin for WordPress up to and including version 3.5.2. This vulnerability allowed an attacker to execute arbitrary code on a vulnerable website by exploiting a vulnerability in the plugin's REST API.

The vulnerability was caused by the plugin's failure to properly validate user input, specifically the 'id' parameter in the plugin's social-warfare/public/api/social-warfare-share-image.php file. An attacker could send a specially crafted request to this endpoint and include malicious code in the 'id' parameter, which would then be executed on the server.

ok
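
For triage, the affected range given in the thread title (Social Warfare up to and including 3.5.2) can be checked against what is installed. The script below is an added example, not part of the original posts or the plugin's code: it reads the standard WordPress plugin header from each copy of the plugin under a directory tree and flags versions in that range. The `social-warfare` directory name and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (3, 5, 2)  # upper bound given in the thread title
SLUG = "social-warfare"    # assumption: plugin directory under wp-content/plugins
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def header_version(text):
    """Return the version tuple from a plugin header, or None if there is none."""
    head = text[:8192]  # WordPress reads only the first 8 KB for header fields
    if "Plugin Name:" not in head:
        return None
    m = VERSION_RE.search(head)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    # Pad short versions so that 3.5 compares as 3.5.0
    padded = tuple(version) + (0,) * (3 - len(version))
    return padded <= LAST_AFFECTED

def audit(root):
    """Map each plugin main file found under root to 'AFFECTED' or 'ok'."""
    findings = {}
    for php in sorted(Path(root).rglob(f"wp-content/plugins/{SLUG}/*.php")):
        ver = header_version(php.read_text(errors="replace"))
        if ver is not None:
            findings[php.relative_to(root).as_posix()] = (
                "AFFECTED" if is_affected(ver) else "ok")
    return findings

def demo():
    """Build a constructed three-site tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in {"site-a": "3.5.2", "site-b": "3.5.3", "site-c": "3.4"}.items():
            d = Path(root, site, "wp-content", "plugins", SLUG)
            d.mkdir(parents=True)
            (d / "social-warfare.php").write_text(
                f"<?php\n/**\n * Plugin Name: Social Warfare\n * Version: {ver}\n */\n")
            (d / "helper.php").write_text("<?php // no plugin header\n")
        return audit(root)

if __name__ == "__main__":
    for path, state in demo().items():
        print(f"{state:9} {path}")
```

Point `audit()` at the directory that holds your site roots; any path reported as `AFFECTED` should be updated past 3.5.2 or the plugin removed.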
 