@shakaran
Created March 25, 2019 05:37
Patch for Zero Day Vulnerability Easy WP SMTP plugin and Social Warfare Plugin
<?php
/**
@author Ángel Guzmán Maeso <angel@guzmanmaeso.com>
@web https://shakaran.net/blog
Critical zero-day vulnerability fixed in the WordPress Easy WP SMTP plugin and Social Warfare plugin.
This is a cleaner script for the security vulnerability related to "Easy WP SMTP" and "Social Warfare".
This version only covers infected "Social Warfare" settings.
Exploitation Level: Very Easy / Remote
DREAD Score: 9.4
Vulnerability: Arbitrary Option Update
Patched Version: 1.3.9.1
Instructions: Just upload this to your root WordPress base installation folder, where wp-load.php is present, and execute the file
via HTTP request or PHP CLI. It will replace the affected value in the Social Warfare settings if infected.
@see https://blog.sucuri.net/2019/03/0day-vulnerability-in-easy-wp-smtp-affects-thousands-of-sites.html
@see https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
@see https://twitter.com/unmaskparasites/status/1109085601763155970
*/
// Bootstrap WordPress so get_option() and update_option() are available.
require_once 'wp-load.php';

$social_warfare_settings = get_option('social_warfare_settings');

// A 'twitter_id' value containing "script" is treated as infected and blanked.
if (isset($social_warfare_settings['twitter_id']) && strpos($social_warfare_settings['twitter_id'], 'script') !== false)
{
    $social_warfare_settings['twitter_id'] = '';
    update_option('social_warfare_settings', $social_warfare_settings);
    echo '<span style="color:green">Hack cleaned!</span>';
}
else
{
    echo '<span style="color:black">Hack not present</span>';
}
// Delete this file from the server once it has run.
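
A broader, read-only check than the single `twitter_id` test above, as an added example that is not part of the original gist: it walks every value in a settings array, matches case-insensitively, and reports instead of modifying. The `$sample` array is constructed so the block runs without WordPress; every key other than `twitter_id` is hypothetical, as is the function name `find_suspicious_settings`.

```php
<?php
// Added example, not the gist author's code. Runs stand-alone under PHP CLI.
// On a real site, pass get_option('social_warfare_settings') instead of $sample.

/**
 * Recursively collect every string value that contains "script" in any case.
 * Returns a map of "key.path" => offending value.
 */
function find_suspicious_settings($settings, $prefix = '')
{
    $hits = array();
    if (!is_array($settings)) {
        return $hits; // get_option() returns false when the option is missing
    }
    foreach ($settings as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;
        if (is_array($value)) {
            // Nested settings: descend and merge results (paths are unique keys)
            $hits += find_suspicious_settings($value, $path);
        } elseif (is_string($value) && stripos($value, 'script') !== false) {
            // stripos() also catches <SCRIPT> and "javascript:" values
            $hits[$path] = $value;
        }
    }
    return $hits;
}

// Constructed sample data; keys other than 'twitter_id' are hypothetical.
$sample = array(
    'twitter_id'   => '<SCRIPT src="//example.invalid/x.js"></SCRIPT>',
    'icon_order'   => array('first' => 'twitter', 'second' => 'facebook'),
    'button_label' => 'Share this',
);

$hits = find_suspicious_settings($sample);
if (count($hits) === 0) {
    echo 'No suspicious values found' . PHP_EOL;
}
foreach ($hits as $path => $value) {
    // Report only; escape the value so it is never rendered as markup
    echo $path . ': ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . PHP_EOL;
}
```

A hit on a field that legitimately contains the word "script" is possible, so review each reported path before clearing it.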