
WPTavern: WPBrigade Patches Critical Vulnerability in Simple Social Buttons Plugin


WPBrigade, the developers behind the Simple Social Buttons plugin, have patched a critical privilege escalation vulnerability. The security issue was discovered by the team at WebARX. Developer and researcher Luka Šikić summarized the vulnerability in a post published this week:

“Improper application design flow, chained with lack of permission check resulted in privilege escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table.”

Simple Social Buttons is a plugin that makes it easy for users to add social buttons to posts, pages, archives, popups, fly-ins, and custom post types. More than 40,000 users have the free version of the plugin active on their sites. A commercial version is also available through the developer’s website.

The plugin’s authors released version 2.0.22 the day after WebARX disclosed the vulnerability, but some site owners and agencies may not have heard about the security issue. Not everyone checks for updates automatically or even once per month. WPBrigade has not yet alerted users to the vulnerability on their blog or Twitter account. The only mention is in the plugin’s changelog, which states: “Enhancement: Fix security issue.” Users who see an update notice in their dashboards are advised to update immediately.
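For agencies that cannot rely on dashboard notices, the version check can be scripted. The following is an added example, not code from WPBrigade or WebARX: it reads the `Version:` header of a plugin's main PHP file and compares it with 2.0.22, the fixed release named above. The function names and the sample headers are constructed for illustration; point `check_plugin` at the plugin's main file under `wp-content/plugins/<plugin-dir>/` on a real site.

```shell
#!/bin/sh
# Added example: flag Simple Social Buttons installs older than the fixed release.
FIXED_VERSION="2.0.22"   # first patched release, per the article

# Print the first "Version:" header value found in a plugin's main PHP file.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when dotted version $1 is strictly lower than $2 (missing parts count as 0).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        # Drop the component just compared from each version string.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # versions are equal
}

# Print "vulnerable <v>", "patched <v>" or "unknown" for one plugin file.
check_plugin() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Constructed sample headers (hypothetical, not copied from the real plugin file).
demo_dir=$(mktemp -d)
printf '<?php\n/**\n * Plugin Name: Simple Social Buttons\n * Version: 2.0.21\n */\n' > "$demo_dir/old.php"
printf '<?php\n/**\n * Plugin Name: Simple Social Buttons\n * Version: 2.0.22\n */\n' > "$demo_dir/new.php"
for f in "$demo_dir/old.php" "$demo_dir/new.php"; do
    echo "$(basename "$f"): $(check_plugin "$f")"
done
rm -rf "$demo_dir"
```

A result of `unknown` means no version header was found and the install should be inspected by hand.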



Source: WordPress
