In March 2019, a vulnerability was discovered in the Social Warfare plugin, and it was quickly exploited to load links on blogs that used social buttons powered by the plugin.

We had an issue with the caching on our blog (which is isolated from the WebARX portal and from any other sites that we run), so the firewall rules on our site were not syncing and therefore some of the pages on our blog were affected by what we protected others from. The site was restored and the plugin was removed. Our analysis showed that none of the files on the server were accessed and the only thing that was touched was the Social Warfare plugin options.

From the vulnerability details you can read that a "Malicious eval() is being inserted into the wp_options table, in the option_name: social_wafare_settings, in the Twitter field.", which means that if the plugin was enabled and a website visitor was served the social buttons, it was opening links to unwanted sites.

Some individuals were quick to spread inappropriate information without really looking into the details or replying to any of our messages. To make sure it was not the WebARX firewall that failed, we even offered completely free incident response (malware clean-ups) to anyone who thought they were affected by the same vulnerability while using WebARX. None of our customers reached out to us.

In reality, we were actively monitoring the attacks against the Social Warfare plugin vulnerability and had virtual patches sent to all sites. If you look at the WordPress vulnerability database, you can see that we were actually the ones who discovered and reported the RCE vulnerability (which was targeted during the same campaign) within the Social Warfare plugin. You can see us listed as the original submitter here: https://wpvulndb.com/vulnerabilities/9259

During the week, we prevented the attack on thousands of websites, and we even released statistics and a technical advisory on our blog, which you can see here:
https://www.webarxsecurity.com/social-warfare-vulnerability/

Lessons learned: we have improved the whole firewall syncing process and the way the WebARX API updates the rules on sites that have different caching plugins and server-level caching enabled.

We continue to invest in strong security research on plugin vulnerabilities to provide proactive security for tens of thousands of websites every day. We're also glad to announce that we're rapidly growing our ethical white-hat hacker community (already 160+ security researchers back our research and firewall) at plugbounty.com, which gives us a unique ability to protect our customers' sites from plugin vulnerabilities way before the information gets public or when the plugin developers patch it.

Hopefully this clears it up, but if you still have any questions or want to know specific details, open up the chat bubble in the bottom-right corner and feel free to ask about it.

Stay safe!

Sincerely,
Oliver Sild - CEO at WebARX
