A WordPress plug-in vulnerability let any user take over websites

Those using WordPress to manage their websites may want to look out for a recently discovered vulnerability in one of its plug-ins. A security researcher from WebARX found a flaw in Simple Social Buttons, a plug-in that lets site admins embed social sharing buttons, such as those for Facebook and Twitter, into articles, comment sections, and other parts of the website.

The vulnerability allows any user who can create new accounts on a website to exploit the plug-in and use it to access admin settings beyond what the plug-in would normally allow. This can let an ill-intentioned user take over a website using the right tools. The vulnerability is showcased in the video below:

According to the developer, WPBrigade, Simple Social Buttons has been downloaded over 500,000 times, while WordPress claims that it's been installed on over 40,000 websites. That means there's a good chance that many websites built on the platform are affected.

The issue was reported to the developer last week, and thankfully it was quickly fixed with an update the following day. To stay safe, you'll want to update to the latest release of the plug-in, which is version 2.0.22.

Source: WebARX via ZDNet
