WordPress plugin flaw lets you take over entire sites


Userlevel 7
Badge +48

Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites.


February 11, 2019, By Catalin Cimpanu

WordPress site owners who are using the Simple Social Buttons plugin to support social media sharing features should update the plugin as soon as possible to plug a security hole that can be exploited to take over sites.

Luka Šikić, a developer and researcher at WordPress security firm WebARX, discovered the security issue last week and reported the problem to the plugin's author.

In a report published today, he described the issue as an "improper application design flow, chained with lack of permission check."

Full Article.

1 reply

Userlevel 7
Badge +48

WordPress plugin patches flaw that gave hackers potential access to 40,000 websites



February 12, 2019, By Jeff Stone

A new vulnerability in a popular WordPress plugin could allow outsiders who exploit the flaw to take control of a website, according to new research.

Luka Šikić, who works as a security developer at WebARX, published a report Monday revealing the bug in the Simple Social Buttons plugin, which more than 40,000 websites use to distribute their content on Facebook, Twitter and others. The problem would allow hackers to modify a WordPress site’s settings in a way plugin developers did not intend.

WPBrigade, the firm that developed Simple Social Buttons, patched the flaw in the 2.0.22 software update, which was released Friday. Šikić said he informed WPBrigade about the vulnerability on Feb. 7, and that the company fixed the issue within a day.

Full Article.

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings