Newly Discovered WordPress Plugin Flaw Lets Others Take Control Of Your Website


A recently discovered vulnerability in the “Simple Social Buttons” plugin lets others gain control of your entire website.

The “Simple Social Buttons” plugin currently has an install base of more than 40,000 WordPress sites, and website owners are advised to update the plugin as soon as possible to fix a security issue that can allow others to take control of the entire site.

Luka Šikić, a developer and researcher at WordPress security firm WebARX, recently discovered the security hole and has already reported the problem to the plugin’s author.

In a report published on the WebARX website, Šikić described the issue as an “improper application design flow, chained with lack of permission check.”

Attackers are able to register new accounts on the affected website and can then exploit this vulnerability to gain complete control of the website. With access to the WordPress site’s main settings, they can install backdoors or take over admin accounts.

The researcher also posted a demo video on YouTube showing just how dangerous this security flaw in the “Simple Social Buttons” plugin is, by changing the email address associated with a WordPress site’s admin account.

WPBrigade, the company behind the plugin, released a patch a day after this report, and users are advised to update the Simple Social Buttons plugin to version 2.0.22.

Having an install base of 40,000 websites makes this security flaw a good target for WordPress botnet operators.

Update: Sites that block user registration are protected against this vulnerability, while sites that let users register on the site are vulnerable to this security flaw and should update the plugin as soon as possible.
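For site owners who want to check where they stand, here is a small triage script added as an example (it is not from WebARX or WPBrigade). It reads the installed plugin version from the plugin header, compares it with the fixed release 2.0.22, and combines that with the site's user registration setting; the plugin directory name `simple-social-buttons` and the verdict labels are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin's code. Assumes the plugin directory is
# wp-content/plugins/simple-social-buttons with a standard "Version:" header.
FIXED_VERSION="2.0.22"   # patched release named in the article

# Succeed (0) if dotted version $1 is lower than $2, comparing field by field.
version_lt() (
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
  done
  return 1
)

# Print the installed plugin version from its header; fail if not installed.
plugin_version() (
  dir="$1/wp-content/plugins/simple-social-buttons"
  [ -d "$dir" ] || return 1
  sed -n 's/^[[:space:]*]*[Vv]ersion:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' \
    "$dir"/*.php 2>/dev/null | head -n 1
)

# Print a verdict. $1 = WordPress root; $2 = users_can_register option (1 or 0),
# which `wp option get users_can_register` reports on a live site.
assess() (
  ver="$(plugin_version "$1")" || { echo "NOT_INSTALLED"; return 0; }
  [ -n "$ver" ] || { echo "UNKNOWN_VERSION"; return 0; }
  if ! version_lt "$ver" "$FIXED_VERSION"; then echo "PATCHED"
  elif [ "$2" = "1" ]; then echo "UNPATCHED_OPEN_REGISTRATION"
  else echo "UNPATCHED_REGISTRATION_CLOSED"
  fi
)

# Build a constructed sample install with the given plugin version (test data).
make_sample() (
  root="$(mktemp -d)"
  mkdir -p "$root/wp-content/plugins/simple-social-buttons"
  printf '<?php\n/**\n * Plugin Name: Simple Social Buttons\n * Version: %s\n */\n' "$1" \
    > "$root/wp-content/plugins/simple-social-buttons/simple-social-buttons.php"
  echo "$root"
)

# Usage: sh check.sh /path/to/wordpress 1
if [ $# -ge 1 ]; then assess "$1" "${2:-0}"; fi
```

A result of `UNPATCHED_OPEN_REGISTRATION` is the case the update above describes as vulnerable; `UNPATCHED_REGISTRATION_CLOSED` sites should still move to 2.0.22.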

Image Source: WordPress

About the author

Kenneth is a digital marketing specialist by profession with a strong focus on SEO and Analytics who has helped companies grow their organic traffic and attract visitors from different marketing channels. He has a strong background in programming thanks to his degree in Computer Science, and loves creating, tinkering with, and growing websites.
