On February 14, IT Home reported that WebARX, a foreign security agency, recently warned that because old versions of the WordPress Simple Social Button plug-in contain a vulnerability, websites using the plug-in might be taken over by an attacker. WebARX recommended that these websites be upgraded to the latest version as soon as possible.
It is understood that the Simple Social Button plug-in, developed by WPBrigade, is a very popular WordPress plug-in. It allows administrators to add social sharing buttons to a WordPress website, and can also directly provide web messages and social account login.
According to the statistics of WordPress Plugin, the plug-in has been installed by more than 40,000 users, while the number of downloads on the official WPBrigade website has exceeded 570,000. Because of an improper application design flow and a lack of permission checks, old versions of the plug-in have a privilege escalation vulnerability. An attacker can use this vulnerability to elevate the permissions of a new account on WordPress. An attacker can even modify the WordPress plug-in by way of the vulnerability, and the website may then be taken over by the attacker.
If the WordPress administrator has forbidden users to register accounts, the website is free from the vulnerability hazard; but if the website allows visitors to leave messages on blog posts, it may be attacked. The vulnerability was reported to WPBrigade on February 7, and WPBrigade completed the fix the next day. This vulnerability affects Simple Social Button versions before 2.0.4 and 2.0.22. Website administrators need to update as soon as possible.