A WordPress plug-in vulnerability let any user take over websites

Those using WordPress to manage their websites may want to look out for a recently discovered vulnerability in one of its plug-ins. A security researcher from WebARX recently discovered a flaw in Simple Social Buttons, a plug-in that lets site admins embed social sharing buttons, such as those for Facebook and Twitter, into articles, comment sections, and other parts of the website.

The vulnerability allows any user who can create new accounts on a website to exploit the plug-in and use it to access admin settings beyond what the plug-in would normally allow. This can let an ill-intentioned user take over a website using the right tools. The vulnerability is showcased in the video below:

According to the developer, WPBrigade, Simple Social Buttons has been downloaded over 500,000 times, while WordPress claims that it's been installed on over 40,000 websites. That means there's a good chance that many websites built on the platform are affected.

The issue was reported to the developer last week, and thankfully it was quickly fixed with an update the following day. To stay safe, you'll want to update to the latest release of the plug-in, which is version 2.0.22.

Source: WebARX via ZDNet
