Luka Šikić, a security researcher from WebARX, has just discovered a flaw in the “Simple Social Buttons” plugin. The plugin is designed to make it easy for webmasters to embed Facebook or Twitter sharing buttons in articles, comments, or other parts of the site.
However, the newly disclosed vulnerability allows anyone who can create a new account on the site to use that account to access settings that are usually only available to administrators. In other words, an attacker with ulterior motives can take over the site through this plugin.
Security researchers pointed out that WPBrigade's Simple Social Buttons plugin has so far been downloaded more than 500,000 times. WordPress claims that it is installed on more than 40,000 websites.
This means that many websites built on the WordPress CMS may be affected by this vulnerability. Fortunately, security researchers reported this issue to WordPress last week, and the plugin's author released an update the next day.
To stay protected, be sure to upgrade the Simple Social Buttons plugin to the latest release, 2.0.22.