
WPTavern: WPBrigade Patches Critical Vulnerability in Simple Social Buttons Plugin


WPBrigade, the developers behind the Simple Social Buttons plugin, have patched a critical privilege escalation vulnerability. The security issue was discovered by the team at WebARX. Developer and researcher Luka Šikić summarized the vulnerability in a post published this week:

“Improper application design flow, chained with lack of permission check resulted in privilege escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table.”

Simple Social Buttons is a plugin that makes it easy for users to add social buttons to posts, pages, archives, popups, fly-ins, and custom post types. More than 40,000 users have the free version of the plugin active on their sites. A commercial version is also available through the developer’s website.

The plugin’s authors released version 2.0.22 the day after WebARX disclosed the vulnerability, but some site owners and agencies may not have heard about the security issue. Not everyone checks for updates automatically or even once per month. WPBrigade has not yet alerted users to the vulnerability on their blog or Twitter account. The only mention is in the plugin’s changelog, which states: “Enhancement: Fix security issue.” Users who see an update notice in their dashboards are advised to update immediately.
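The class of bug in the quoted summary, a settings handler that writes to wp_options without checking who is calling it, is closed by the three checks in the added example below. It is not Simple Social Buttons code or WPBrigade's patch; the action, option and function names are hypothetical.

```php
<?php
// Hypothetical plugin code for illustration; the hook, option and function
// names are assumptions, not taken from Simple Social Buttons.

// Only these options may ever be written by this handler.
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_button_style', 'example_button_position' );

add_action( 'wp_ajax_example_import_settings', 'example_import_settings' );

function example_import_settings() {
    // 1. CSRF protection: the nonce must have been issued for this action.
    check_ajax_referer( 'example_import_settings', 'nonce' );

    // 2. Authorization: wp_ajax_* hooks fire for every logged-in user,
    //    subscribers included, so the capability must be checked explicitly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    // 3. Input handling: decode, then write only allowlisted option names.
    $raw      = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    $settings = json_decode( $raw, true );
    if ( ! is_array( $settings ) ) {
        wp_send_json_error( 'Malformed settings payload.', 400 );
    }

    $updated = array();
    foreach ( $settings as $name => $value ) {
        if ( ! in_array( $name, EXAMPLE_ALLOWED_OPTIONS, true ) || ! is_scalar( $value ) ) {
            continue; // never pass a caller-chosen name to update_option()
        }
        update_option( $name, sanitize_text_field( (string) $value ) );
        $updated[] = $name;
    }

    wp_send_json_success( array( 'updated' => $updated ) );
}
```

The allowlist matters even with the capability check in place: it keeps an import feature from becoming a general-purpose writer for core options such as the default user role.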



Source: WordPress
