CVE-2019-9978

KEV EPSS 87.65% · P99 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-9978

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress social-warfare插件跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。social-warfare plugin是使用在其中的一个社交平台分享插件。 WordPress social-warfare插件3.5.3之前版本中存在跨站脚本漏洞。远程攻击者可借助‘swp_url’参数利用该漏洞注入恶意的JavaScript脚本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2019-9978

#	POC Description	Source Link	Shenlong Link
1	CVE-2019-9978 - RCE on a Wordpress plugin: Social Warfare < 3.5.3	https://github.com/mpgn/CVE-2019-9978	POC Details
2	CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)	https://github.com/hash3liZer/CVE-2019-9978	POC Details
3	Wordpress Social Warfare Remote Code Execution (AUTO UPLOAD SHELL)	https://github.com/KTN1990/CVE-2019-9978	POC Details
4	cve-2019-9978	https://github.com/cved-sources/cve-2019-9978	POC Details
5	Social WarFare Plugin (<=3.5.2) Remote Code Execution	https://github.com/d3fudd/CVE-2019-9978_Exploit	POC Details
6	Remote Code Execution in Social Warfare Plugin before 3.5.3 for Wordpress.	https://github.com/grimlockx/CVE-2019-9978	POC Details
7	python3 version of the CVE-2019-9978 exploit	https://github.com/h8handles/CVE-2019-9978-Python3	POC Details
8	None	https://github.com/20dani09/CVE-2019-9978	POC Details
9	cve-2019-9978 PoC	https://github.com/0xMoonrise/cve-2019-9978	POC Details
10	None	https://github.com/MAHajian/CVE-2019-9978	POC Details
11	A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting versions below 3.5.3.	https://github.com/echoosso/CVE-2019-9978	POC Details
12	WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-9978.yaml	POC Details
13	The `swp_debug` parameter in `admin-post.php` allows remote attackers to include external files containing malicious PHP code, which are evaluated on the server. By supplying a crafted URL that hosts a reverse shell payload, an attacker can gain command execution.	https://github.com/Housma/CVE-2019-9978-Social-Warfare-WordPress-Plugin-RCE	POC Details
14	payload txt	https://github.com/xxoprt/payloadCVE-2019-9978	POC Details
15	A custom Python proof-of-concept showcasing root-cause analysis and exploitation of CVE 2019-9978 (Social Warfare plugin),focusing on practical RFI to RCE attack flow.	https://github.com/Vaidehim55/CVE-2019-9978-RCE-PoC	POC Details
16	POC (RCE) -> CVE-2019-9978	https://github.com/yup-Ivan/CVE-2019-9978	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-9978

请登录查看更多情报信息。

https://twitter.com/warfareplugins/status/1108852747099652099x_refsource_MISC
https://blog.sucuri.net/2019/03/zero-day-stored-xss-in-social-warfare.htmlx_refsource_MISC
https://wordpress.org/plugins/social-warfare/#developersx_refsource_MISC
https://wpvulndb.com/vulnerabilities/9238x_refsource_MISC
http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.htmlx_refsource_MISC
https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/x_refsource_MISC
https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/x_refsource_MISC
https://www.cybersecurity-help.cz/vdb/SB2019032105x_refsource_MISC
http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.htmlx_refsource_MISC
https://www.exploit-db.com/exploits/46794/exploitx_refsource_EXPLOIT-DB
https://nvd.nist.gov/vuln/detail/CVE-2019-9978

Same Patch Batch · n/a · 2019-03-24 · 26 CVEs total

CVE-2019-10014		Desdev DedeCMS 访问控制错误漏洞
CVE-2019-9960		LimeSurvey 访问控制错误漏洞
CVE-2019-9962		XnView MP 缓冲区错误漏洞
CVE-2019-9963		XnView MP 缓冲区错误漏洞
CVE-2019-9964		XnView MP 缓冲区错误漏洞
CVE-2019-9965		XnView MP 缓冲区错误漏洞
CVE-2019-9966		XnView Classic 缓冲区错误漏洞
CVE-2019-9967		XnView Classic 缓冲区错误漏洞
CVE-2019-9968		XnView Classic 缓冲区错误漏洞
CVE-2019-9969		XnView Classic 缓冲区错误漏洞
CVE-2019-9970		Open Whisper Signal和Signal Private Messenger application for Android 输入验证错误漏洞
CVE-2019-9977		Tesla Model 3 输入验证错误漏洞
CVE-2019-10010		PHP League CommonMark library 跨站脚本漏洞
CVE-2019-10027		PHPCMS 跨站脚本漏洞
CVE-2019-10015		baigoStudio baigoSSO 输入验证错误漏洞
CVE-2019-10017		CMS Made Simple 跨站脚本漏洞
CVE-2019-10018		Xpdf 数字错误漏洞
CVE-2019-10019		Xpdf 数字错误漏洞
CVE-2019-10020		Xpdf 安全漏洞
CVE-2019-10021		Xpdf 数字错误漏洞

Showing top 20 of 26 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2019-9978

Anonymous User

2025-09-09 10:09:40

Venture into the epic sandbox of EVE Online. Shape your destiny today. Conquer alongside millions of pilots worldwide. <a href=https://www.eveonline.com/signup?invc=46758c20-63e3-4816-aa0e-f91cff26ade4>Download free</a>

Anonymous User

2026-01-15 06:09:48

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-9978

I. Basic Information for CVE-2019-9978

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2019-9978

III. Intelligence Information for CVE-2019-9978

Same Patch Batch · n/a · 2019-03-24 · 26 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-9978

Anonymous User

Anonymous User

Leave a comment