Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites.
February 11, 2019, By Catalin Cimpanu
WordPress site owners who are using the Simple Social Buttons plugin to support social media sharing features should update the plugin as soon as possible to plug a security hole that can be exploited to take over sites.
Luka Šikić, a developer and researcher at WordPress security firm WebARX, discovered the security issue last week and reported the problem to the plugin's author.
In a report published today, he described the issue as an "improper application design flow, chained with lack of permission check."