Update: a new version 3.5.3 was just released.
Another day, another zero-day.
A quick search showed that a full disclosure (including a PoC) was published on the www.pluginvulnerabilities.com blog earlier today.
We have pushed a new set of rules for our NinjaFirewall WAF so make sure you are running the latest rules: “NinjaFirewall > Rules updates > Check For Updates Now!”. Both our free and premium users are protected against this vulnerability.
Otherwise, uninstall the plugin ASAP and wait for the fix to be published.
social_warfare_settings in your wp_options table and delete it.
As an alternative, you can uninstall the plugin, but note that it will not delete its settings.
And as usual, don’t forget to change your admin password and install a web application firewall to protect your blog.