CVE-2018-20555
📋 TL;DR
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress exposes Twitter API credentials (access tokens, consumer keys) in publicly accessible source code. This allows remote attackers to steal these credentials and take over associated Twitter accounts. Any WordPress site using this vulnerable plugin version is affected.
💻 Affected Systems
- Design Chemical Social Network Tabs WordPress Plugin
📦 What is this software?
Social Network Tabs by Designchemical
⚠️ Risk & Real-World Impact
Worst Case
Complete takeover of associated Twitter accounts, allowing attackers to post malicious content, send DMs to followers, damage brand reputation, and potentially pivot to other connected services.
Likely Case
Attackers harvest exposed Twitter credentials to compromise social media accounts, potentially using them for spam, phishing, or spreading malware to followers.
If Mitigated
If credentials are rotated immediately after discovery and the plugin is updated, the impact is limited to potentially brief unauthorized access before remediation.
🎯 Exploit Status
Exploitation requires only accessing the publicly readable PHP file containing hardcoded credentials. No authentication or special privileges needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.2 or later
Vendor Advisory: https://wordpress.org/plugins/social-network-tabs/
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Social Network Tabs' plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and delete plugin immediately
6. Rotate all Twitter API credentials that were exposed
🔧 Temporary Workarounds
Immediate Plugin Deactivation
Disable the vulnerable plugin to prevent credential exposure while planning a permanent fix
wp plugin deactivate social-network-tabs
File Access Restriction
Temporarily restrict access to the vulnerable PHP file via the web server configuration
# Apache: Add to .htaccess ("Order/Deny" is 2.2 syntax; 2.4 needs "Require"
# unless mod_access_compat is loaded, so both forms are given)
<Files "dcwp_twitter.php">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</Files>
# Nginx: Add to the server block, before any generic "location ~ \.php$" block
# (the first matching regex location wins; alternatively use an exact-match
# "location = /wp-content/plugins/social-network-tabs/dcwp_twitter.php",
# which takes precedence over regex locations). "deny all" already returns 403.
location ~* /dcwp_twitter\.php$ {
    deny all;
}
🧯 If You Can't Patch
- Immediately rotate all Twitter API credentials (access tokens, consumer keys) through Twitter Developer Portal
- Remove or disable the Social Network Tabs plugin completely and use alternative social media integration solutions
🔍 How to Verify
Check if Vulnerable:
Access https://yoursite.com/wp-content/plugins/social-network-tabs/dcwp_twitter.php directly in a browser or via curl. If the page loads and contains Twitter API credentials, the site is vulnerable.
Check Version:
wp plugin get social-network-tabs --field=version
Verify Fix Applied:
After the update, attempt to access the dcwp_twitter.php file; it should return a 404 error or an empty response. Verify that the plugin version is 1.7.2 or later in the WordPress admin.
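Added example (not from the advisory or the plugin vendor): a POSIX shell script that automates the two checks above. `vulnerable_version` compares a dotted version string against the fixed release 1.7.2 and runs offline; `probe_site` fetches the plugin file with curl and `exposed_response` classifies the result by status, body size and a keyword heuristic. The keywords (`consumer`, `access_token`, `oauth`) are an assumption about what a Twitter credential file contains, not something the advisory states; the function names, the `probe_site URL` argument convention and the use of wp-cli from the WordPress root are choices made here.

```shell
#!/bin/sh
# Verification helper for CVE-2018-20555 (added example, not vendor code).
# Assumes curl and wp-cli are installed when the live checks are used; the
# helper functions themselves work on values passed in and need no network.

FIXED="1.7.2"
TARGET="/wp-content/plugins/social-network-tabs/dcwp_twitter.php"

# vulnerable_version VERSION -> exit 0 when VERSION is older than $FIXED.
# Compares dotted numeric versions field by field (non-digits are ignored,
# missing fields count as 0), so "1.7" and "1.7.1" are older, "1.7.10" is not.
vulnerable_version() {
  v="$1"
  i=1
  while [ "$i" -le 3 ]; do
    a=$(printf '%s' "$v" | cut -d. -f"$i" | tr -cd '0-9')
    b=$(printf '%s' "$FIXED" | cut -d. -f"$i" | tr -cd '0-9')
    a=${a:-0}; b=${b:-0}
    if [ "$a" -lt "$b" ]; then return 0; fi
    if [ "$a" -gt "$b" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1
}

# exposed_response STATUS BODYFILE -> exit 0 when the response looks like the
# exposed credential file: HTTP 200, non-empty body, credential-style terms.
# The keyword list is a heuristic (assumption), not taken from the plugin.
exposed_response() {
  status="$1"
  body="$2"
  [ "$status" = "200" ] || return 1
  [ -s "$body" ] || return 1
  grep -qiE 'consumer|access_token|oauth' "$body"
}

# probe_site https://yoursite.com -> fetch the plugin file and report.
probe_site() {
  site="$1"
  tmp=$(mktemp)
  status=$(curl -s -o "$tmp" -w '%{http_code}' "$site$TARGET")
  if exposed_response "$status" "$tmp"; then
    echo "VULNERABLE: $site$TARGET is readable (HTTP $status)"
  else
    echo "OK: $site$TARGET not exposed (HTTP $status)"
  fi
  rm -f "$tmp"
}

# check_installed_version -> run from the WordPress root; uses wp-cli.
check_installed_version() {
  ver=$(wp plugin get social-network-tabs --field=version 2>/dev/null) || return 1
  if vulnerable_version "$ver"; then
    echo "VULNERABLE: social-network-tabs $ver is older than $FIXED"
  else
    echo "OK: social-network-tabs $ver"
  fi
}

# Live probe only when a site URL is given on the command line.
if [ -n "${1:-}" ]; then
  probe_site "$1"
fi
```

Run it as `sh check.sh https://yoursite.com` for the external probe, and call `check_installed_version` from the WordPress root where wp-cli is configured. A 403 from the workaround above, a 404 after the update, or a 200 with an empty body all count as "not exposed"; only a 200 with credential-looking content is reported as vulnerable.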
📡 Detection & Monitoring
Log Indicators:
- Multiple 200 OK responses to /wp-content/plugins/social-network-tabs/dcwp_twitter.php
- Unusual access patterns to plugin PHP files from external IPs
Network Indicators:
- HTTP GET requests to dcwp_twitter.php from suspicious IPs
- Subsequent connections to Twitter API from unexpected locations
SIEM Query:
source="web_access_logs" AND uri="/wp-content/plugins/social-network-tabs/dcwp_twitter.php" AND response="200"
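As an added example (not part of the advisory), the condition the SIEM query expresses, applied with awk to combined-format access logs: every client that received HTTP 200 for the plugin file is listed with its hit count. The IP addresses, timestamps and user agents below are constructed sample data, and `flag_access` and `TARGET` are names chosen here.

```shell
#!/bin/sh
# Log-based detection for CVE-2018-20555 (added example, not vendor code).
# Works on Apache/Nginx combined log format, where field 1 is the client IP,
# field 7 the request path and field 9 the status code.

TARGET="/wp-content/plugins/social-network-tabs/dcwp_twitter.php"

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
LOGFILE=$(mktemp)
trap 'rm -f "$LOGFILE"' EXIT
cat > "$LOGFILE" <<'EOF'
203.0.113.7 - - [10/Jan/2019:10:01:02 +0000] "GET /wp-content/plugins/social-network-tabs/dcwp_twitter.php HTTP/1.1" 200 1843 "-" "curl/7.58.0"
198.51.100.4 - - [10/Jan/2019:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2019:10:02:15 +0000] "GET /wp-content/plugins/social-network-tabs/dcwp_twitter.php?x=1 HTTP/1.1" 200 1843 "-" "python-requests/2.18"
198.51.100.9 - - [10/Jan/2019:10:03:00 +0000] "GET /wp-content/plugins/social-network-tabs/dcwp_twitter.php HTTP/1.1" 404 220 "-" "Mozilla/5.0"
EOF

# flag_access LOGFILE -> prints "<ip> <count>" for each client that received
# a 200 on the target path (query strings are tolerated via substring match).
# A 404 or 403 is not flagged: those are what a fixed or mitigated site returns.
flag_access() {
  awk -v path="$TARGET" '
    index($7, path) && $9 == "200" { hits[$1]++ }
    END { for (ip in hits) print ip, hits[ip] }
  ' "$1" | sort
}

# exposure_count LOGFILE -> total number of successful reads of the file.
exposure_count() {
  awk -v path="$TARGET" '
    index($7, path) && $9 == "200" { n++ }
    END { print n + 0 }
  ' "$1"
}

echo "Clients that read $TARGET successfully:"
flag_access "$LOGFILE"
echo "Total successful reads: $(exposure_count "$LOGFILE")"
```

Point `flag_access` at the real access log to get the same answer as the SIEM query. Any non-zero result on a site that ran version 1.7.1 means the credentials should be treated as compromised and rotated, regardless of whether the plugin has since been updated.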