- A WordPress plugin used by many thousands of websites has a flaw that can lead to complete website takeover.
- The plugin allows changing the website's settings without checking the user's permissions.
- An updated version of the plugin that fixes the problem has already been released, but many websites may still be vulnerable.
The WordPress plugin named “Simple Social Buttons” has been found to contain a vulnerability that allows for a complete website takeover. The discovery was made by security researcher Luka Šikić, who specializes in WordPress exploitation. The relevant post by WebArx, the firm that employs the researcher, describes an improper application design flow chained with a missing permission check. This security hole allows privilege escalation for non-admin users, even those at the subscriber level.
More specifically, the researcher discovered that any user can modify the “wp_options” table, which holds the main settings of a WordPress website. Changes to the option_name and option_value fields are stored right away, without checking whether the user has the permission rights to edit and save options. In the following video, Luka Šikić demonstrates the vulnerability and how it is exploited.
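To make the flaw concrete for plugin developers, here is an added example, written for this article and not taken from the Simple Social Buttons plugin: a hypothetical settings-save AJAX handler in the weak shape the researcher describes (the client names the option row and no permission check runs), placed beside a hardened version. The hook names, option names, request fields and the `example_` helpers are all assumptions; `check_ajax_referer`, `current_user_can`, `update_option`, `wp_unslash` and `wp_send_json_*` are real WordPress core functions.

```php
<?php
// Added example (not code from the Simple Social Buttons plugin). Hook names,
// option names and request fields are assumptions made for illustration.

// --- Weak pattern: the kind of handler the article describes. ---
// wp_ajax_* hooks fire for every authenticated user, whatever their role, so
// with no capability check a subscriber reaches this code. Because the option
// name comes from the request, any row of wp_options can be rewritten.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_weak' );
function example_save_settings_weak() {
    // No nonce check, no current_user_can(), attacker-chosen option name.
    update_option( $_POST['option_name'], $_POST['option_value'] );
    wp_send_json_success();
}

// --- Hardened pattern. ---
add_action( 'wp_ajax_example_save_settings_secure', 'example_save_settings_secure' );
function example_save_settings_secure() {
    // 1. CSRF protection: the request must carry a nonce minted for this action
    //    (see example_enqueue_settings_script below for where it is issued).
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Authorization: only users who may manage site options proceed. This is
    //    the check whose absence turns a subscriber into a site administrator.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Allowlist: the client never chooses the option row. Accepted request
    //    fields map to fixed option names, each with its own sanitizer.
    $allowed = array(
        'example_button_style' => 'sanitize_text_field',
        'example_networks'     => 'example_sanitize_networks', // assumed helper
    );
    foreach ( $allowed as $option => $sanitizer ) {
        if ( isset( $_POST[ $option ] ) ) {
            $clean = call_user_func( $sanitizer, wp_unslash( $_POST[ $option ] ) );
            update_option( $option, $clean );
        }
    }
    wp_send_json_success();
}

// Keep only known network identifiers; drop anything else the client sent.
function example_sanitize_networks( $value ) {
    $known = array( 'facebook', 'twitter', 'linkedin' );
    return array_values( array_intersect( (array) $value, $known ) );
}

// Issue the nonce to the settings page script so the secure handler can verify it.
add_action( 'admin_enqueue_scripts', 'example_enqueue_settings_script' );
function example_enqueue_settings_script() {
    wp_enqueue_script( 'example-settings', plugins_url( 'settings.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-settings', 'exampleSettings', array(
        'nonce' => wp_create_nonce( 'example_save_settings' ),
    ) );
}
```

The three controls are independent: the nonce stops cross-site requests, the capability check stops low-privileged accounts, and the allowlist stops even an administrator's browser from writing option rows the plugin has no business touching. A site owner auditing an installed plugin can look for `wp_ajax_` or `admin_post_` handlers that call `update_option` without a nearby `current_user_can` call.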
The researcher has already reported the problem to the plugin developer (WPBrigade), and a new version that fixes it is already out. Those using version 2.0.22 and earlier are urged to immediately update their plugin to version 2.0.4 or later. Simple Social Buttons is a very popular WordPress plugin that adds custom social media buttons and integrates social platforms and sharing functions into websites. Right now, it is estimated that more than 40,000 WordPress sites use the plugin, while its developer claims it has been downloaded over half a million times. The potential exploitation area is therefore quite broad, even if most sites have already updated the plugin.
Do you apply WordPress plugin updates immediately when they become available, or do you wait for someone else to take the blame if things break? Let us know how you do it in the comments section below, and feel free to share your thoughts with our online community on Facebook and Twitter.