
WPTavern: WPBrigade Patches Critical Vulnerability in Simple Social Buttons Plugin


WPBrigade, the developers behind the Simple Social Buttons plugin, have patched a critical privilege escalation vulnerability. The security issue was discovered by the team at WebARX. Developer and researcher Luka Šikić summarized the vulnerability in a post published this week:

“Improper application design flow, chained with lack of permission check resulted in privilege escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table.”

Simple Social Buttons is a plugin that makes it easy for users to add social buttons to posts, pages, archives, popups, fly-ins, and custom post types. More than 40,000 users have the free version of the plugin active on their sites. A commercial version is also available through the developer’s website.

The plugin’s authors released version 2.0.22 the day after WebARX disclosed the vulnerability, but some site owners and agencies may not have heard about the security issue. Not everyone checks for updates automatically or even once per month. WPBrigade has not yet alerted users to the vulnerability on their blog or Twitter account. The only mention is in the plugin’s changelog, which states: “Enhancement: Fix security issue.” Users who see an update notice in their dashboards are advised to update immediately.
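For agencies that manage many installs and may have missed the update notice, the following added example (not code from the article, WebARX or WPBrigade) walks a directory tree and flags every copy of the plugin older than 2.0.22. It assumes the plugin lives in a `simple-social-buttons` directory under `wp-content/plugins` and carries a standard WordPress `Version:` header; the sample tree and file names in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 0, 22)              # first patched release, per the article
SLUG = "simple-social-buttons"  # assumption: plugin directory name on disk
# Same shape as the plugin header WordPress parses: " * Version: 2.0.21"
HEADER = re.compile(rb"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(text):
    """'2.0' -> (2, 0, 0), so short versions compare correctly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def plugin_version(plugin_dir):
    """Version from the first top-level PHP file carrying a plugin header."""
    for php in sorted(plugin_dir.glob("*.php")):
        m = HEADER.search(php.read_bytes()[:8192])  # headers sit at the top of the file
        if m:
            return parse_version(m.group(1).decode())
    return None

def audit(root):
    """Return [(relative path, version, status)] for each copy under root."""
    findings = []
    for d in sorted(Path(root).rglob(SLUG)):
        if not d.is_dir() or d.parent.name != "plugins":
            continue
        v = plugin_version(d)
        status = "unknown" if v is None else "patched" if v >= FIXED else "vulnerable"
        findings.append((d.relative_to(root).as_posix(), v, status))
    return findings

def demo():
    """Audit a constructed tree: three sites, headers written by this example."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, header in [("a", " * Version: 2.0.21\n"), ("b", " * Version: 2.0.22\n"),
                             ("c", " * no header here\n")]:
            d = Path(tmp, site, "wp-content", "plugins", SLUG)
            d.mkdir(parents=True)
            (d / "main.php").write_text("<?php\n/**\n * Plugin Name: Constructed sample\n" + header + " */\n")
        return audit(tmp)

if __name__ == "__main__":
    for path, version, status in demo():
        print(f"{status:10} {version} {path}")
```

Point `audit()` at the directory that holds your sites; an `unknown` result means no version header was found and the copy needs a manual look.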



Source: WordPress
