shakaran · March 25, 2019 05:37
diff --git a/patch-social-warfare.php b/patch-social-warfare.php
 <?php
 /**
 @author Ángel Guzmán Maeso <[email protected]>
 @web https://shakaran.net/blog

 Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin and Social Warfare Plugin.

 This is cleaner script for security vulnerability related with "Easy WP SMTP" and "Social Warfare".

 This version only covers "Social Warfare" settings infected

 Exploitation Level: Very Easy / Remote

 DREAD Score: 9.4

 Vulnerability: Arbitrary Option Update

 Patched Version: 1.3.9.1

 Instructions: Just upload this to your root worpdress base instalation folder, where the wp-load.php is present and execute the file
 via HTTP request o php CLI. It would replace the affected value for Social Warfare settings if infected

 @see https://blog.sucuri.net/2019/03/0day-vulnerability-in-easy-wp-smtp-affects-thousands-of-sites.html
 @see https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
 @see https://twitter.com/unmaskparasites/status/1109085601763155970
 */

 require_once 'wp-load.php';

 $social_warfare_settings = get_option('social_warfare_settings');


 if (isset($social_warfare_settings['twitter_id']) && strpos($social_warfare_settings['twitter_id'], 'script') !== false)
 {
    $social_warfare_settings['twitter_id'] = '';
    update_option('social_warfare_settings', $social_warfare_settings);
    echo '<span	style="color:green">Hack cleaned!</span>';
 }
 else
 {
   echo '<span  style="color:black">Hack not present</span>';
 }
	<?php
	/**
	@author Ángel Guzmán Maeso <[email protected]>
	@web https://shakaran.net/blog

	Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin and Social Warfare Plugin.

	This is cleaner script for security vulnerability related with "Easy WP SMTP" and "Social Warfare".

	This version only covers "Social Warfare" settings infected

	Exploitation Level: Very Easy / Remote

	DREAD Score: 9.4

	Vulnerability: Arbitrary Option Update

	Patched Version: 1.3.9.1

	Instructions: Just upload this to your root worpdress base instalation folder, where the wp-load.php is present and execute the file
	via HTTP request o php CLI. It would replace the affected value for Social Warfare settings if infected

	@see https://blog.sucuri.net/2019/03/0day-vulnerability-in-easy-wp-smtp-affects-thousands-of-sites.html
	@see https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
	@see https://twitter.com/unmaskparasites/status/1109085601763155970
	*/

	require_once 'wp-load.php';

	$social_warfare_settings = get_option('social_warfare_settings');


	if (isset($social_warfare_settings['twitter_id']) && strpos($social_warfare_settings['twitter_id'], 'script') !== false)
	{
	$social_warfare_settings['twitter_id'] = '';
	update_option('social_warfare_settings', $social_warfare_settings);
	echo '<span style="color:green">Hack cleaned!</span>';
	}
	else
	{
	echo '<span style="color:black">Hack not present</span>';
	}