Those using WordPress to manage their websites may want to look out for a recently discovered vulnerability in one of its plug-ins. A security researcher from WebARX recently discovered a flaw in Simple Social Buttons, a plug-in that lets site admins embed social sharing buttons, such as those for Facebook and Twitter, into articles, comment sections, and other parts of the website.
The vulnerability allows any user who can create new accounts on a website to exploit the plug-in and use it to access admin settings beyond what the plug-in would normally allow. This can allow an ill-intentioned user to take over a website using the right tools. The vulnerability is showcased in the video below:
According to the developer, WPBrigade, Simple Social Buttons has been downloaded over 500,000 times, while WordPress claims that it's been installed on over 40,000 websites. That means there's a good chance that many websites built on the platform are affected.
The issue was reported to the developer last week, and thankfully it was quickly fixed with an update the following day. To stay safe, you'll want to update to the latest release of the plug-in, which is version 2.0.22.