A critical vulnerability in WordPress plugin Simple Social Buttons allows an attacker to completely takeover a website.

The plugin allows users to add social media sharing buttons on the sidebar, inline, above and below the content of the post, on photos, pop ups and fly-ins.

The bug is the result of and improper design flow an the lack of a permission check that results in privilege escalation and unauthorized actions in WordPress installation that could allow non-admin users or even subscribers to modify the WordPress installation options from the wp-options table according to a Feb. 11 WebARX blog post.

The issue was discovered and reported on Feb. 7 and was patched the next day. Users should update to the latest version as soon as possible as plugin versions from 2.0.4 and before version 2.0.22 were affected.