
Critical vulnerability in WordPress plugin Simple Social Buttons
There is a critical vulnerability in the WordPress plugin Simple Social Buttons. It can be exploited by a non-admin user to modify your WordPress installation's configuration and take over your website.
So what is the issue here? Researchers at WebARX stated on Monday (2-11-19) that the vulnerability stems from two issues in the Simple Social Buttons plugin: an improper application design flow and a lack of permission checks. Chained together, they allow a user of any role to change any option in the ‘wp_options’ database table, which is where the crucial configuration of a WordPress installation is stored.
“Improper application design flow, chained with lack of permission check resulted in privilege-escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table,” Luka Sikic, developer and researcher with WebARX, stated in a Monday post.
The vulnerability, which is rated 9.1 on the CVSS v3 severity scale, was discovered on Feb. 7, and a patch was released on Feb. 8. Everyone running this plugin is strongly urged to update to the latest version, 2.0.22.
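To show the bug class behind this advisory, here is an added illustration (hypothetical code, not taken from the plugin or from WebARX) of a WordPress AJAX settings handler that writes to wp_options with no permission check, beside a hardened version; the `ssb_demo_*` action and option names are assumed for the demo.

```php
<?php
// Added illustration of the bug class described above. Hypothetical code;
// it is not the Simple Social Buttons plugin's own source.

// --- Weak pattern: wp_ajax_* hooks are reachable by any logged-in user,
// and update_option() performs no permission check of its own, so every
// key in wp_options becomes writable by e.g. a subscriber account.
function ssb_demo_save_settings_weak() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $settings as $option_name => $option_value ) {
        update_option( $option_name, $option_value ); // caller chooses the key
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_ssb_demo_save_settings_weak', 'ssb_demo_save_settings_weak' );

// --- Hardened pattern: verify intent (nonce), verify authority
// (capability), and only touch an explicit allow-list of the plugin's
// own options, with each value sanitised before it is stored.
function ssb_demo_save_settings_hardened() {
    // 1. CSRF protection: the request must carry a nonce issued to this user.
    check_ajax_referer( 'ssb_demo_save_settings', 'nonce' );

    // 2. Authorisation: changing site options is an administrator action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Allow-list the keys this plugin owns; option names never come
    //    from the request. (Keys and sanitisers are assumed for the demo.)
    $allowed = array(
        'ssb_demo_networks'   => 'sanitize_text_field',
        'ssb_demo_show_count' => 'rest_sanitize_boolean',
    );
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $allowed as $option_name => $sanitizer ) {
        if ( array_key_exists( $option_name, $settings ) ) {
            $clean = call_user_func( $sanitizer, wp_unslash( $settings[ $option_name ] ) );
            update_option( $option_name, $clean );
        }
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_ssb_demo_save_settings', 'ssb_demo_save_settings_hardened' );
```

The allow-list is what closes the wp_options-wide write the advisory describes; the capability check alone would still let the request pick any option name, only restricted to administrators.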