WordPress plugin Simple Social Buttons flaw allows complete site takeover

A critical vulnerability in the WordPress plugin Simple Social Buttons allows an attacker to completely take over a website.

The plugin allows users to add social media sharing buttons on the sidebar, inline, above and below the content of the post, on photos, pop ups and fly-ins.

The bug is the result of an improper design flow and the lack of a permission check, which together result in privilege escalation and unauthorized actions in a WordPress installation. This could allow non-admin users, or even subscribers, to modify the WordPress installation options from the wp-options table, according to a Feb. 11 WebARX blog post.

The issue was discovered and reported on Feb. 7 and was patched the next day. Users should update to the latest version as soon as possible, as plugin versions from 2.0.4 up to, but not including, version 2.0.22 were affected.
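To check an inventory of sites against the affected range stated above, the following added example (not from the article, WebARX or the plugin) reads the `Version:` line of a plugin header and compares it numerically. The header texts and site names are constructed samples, and the function names are hypothetical.

```python
import re

# Affected range as stated in the article: from 2.0.4, before 2.0.22.
FIRST_AFFECTED = (2, 0, 4)
FIRST_FIXED = (2, 0, 22)

# WordPress reads a plugin's version from the "Version:" line in the
# header comment of its main PHP file.
VERSION_RE = re.compile(
    r"^[ \t/*#@]*Version:[ \t]*([0-9]+(?:\.[0-9]+)*)[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent or non-numeric."""
    match = VERSION_RE.search(header_text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(header_text):
    """Return 'affected', 'not affected' or 'unknown' for one plugin header."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"  # no usable version: needs manual review
    version += (0,) * (3 - len(version))  # pad so "2.0" compares as 2.0.0
    # Compare numerically. As strings, "2.0.21" sorts before "2.0.4",
    # so a text comparison would wrongly clear 2.0.21.
    return "affected" if FIRST_AFFECTED <= version < FIRST_FIXED else "not affected"


def make_header(version_line):
    """Build a constructed plugin header for the sample inventory below."""
    return "<?php\n/**\n * Plugin Name: Simple Social Buttons\n" + version_line + " */\n"


# Constructed sample inventory (hypothetical site names).
SAMPLES = {
    "site-a": make_header(" * Version: 2.0.4\n"),
    "site-b": make_header(" * Version: 2.0.21\n"),
    "site-c": make_header(" * Version: 2.0.22\n"),
    "site-d": make_header(" * Version: 2.0.3\n"),
    "site-e": make_header(""),  # header without a Version line
}

if __name__ == "__main__":
    for site, header in SAMPLES.items():
        print(site, classify(header))
```

Headers with no parseable version are reported as `unknown` rather than cleared, so they can be reviewed by hand.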
