WPBrigade, the developer behind the Simple Social Buttons plugin, has just released a fix for a critical vulnerability. The vulnerability allows an attacker to completely take over a website.
The security issue was discovered by the team at WebARX. Developer and researcher Luka Šikić summarized the problem in a blog post:
Improper application design flow, chained with lack of permission check resulted in privilege escalation and unauthorized actions in WordPress installation allowing non-admin users, even subscriber user type to modify WordPress installation options from the wp_options table.
This security hole allows for privilege escalation for non-admin users, even those that stand at the level of the subscriber.
More specifically, the researcher discovered that any user can modify the wp_options table, which holds the main configuration settings of a WordPress website. Changes to the option_name and option_value fields are stored right away, without any check that the user has the permission to edit and save options.
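The flaw described above is a missing authorization check on a settings-saving handler. The following is an added example written for this article, not code from the Simple Social Buttons plugin or from WebARX: it shows the general pattern of a WordPress AJAX handler that writes to wp_options without checking who is calling, next to a hardened version of the same handler. All hook and function names (demo_save_settings_unchecked, demo_save_settings_hardened, demo_allowed_options) and the option allowlist are hypothetical.

```php
<?php
// Added example (hypothetical plugin code, not the Simple Social Buttons plugin).
// A wp_ajax_* hook is reachable by ANY logged-in user, including subscribers,
// so every check about who may do what has to happen inside the handler.

// --- Vulnerable pattern: no capability check, no nonce, no allowlist -------
add_action( 'wp_ajax_demo_save_settings_unchecked', 'demo_save_settings_unchecked' );
function demo_save_settings_unchecked() {
    // Whatever option_name/option_value the request carries is written straight
    // into wp_options. A subscriber can thereby rewrite core settings such as
    // default_role or users_can_register.
    $name  = $_POST['option_name'];
    $value = $_POST['option_value'];
    update_option( $name, $value );
    wp_send_json_success();
}

// --- Hardened pattern --------------------------------------------------------
// Only these plugin-specific options may be changed through this endpoint
// (hypothetical names; the point is that core options are not on the list).
function demo_allowed_options() {
    return array( 'demo_button_style', 'demo_button_position' );
}

add_action( 'wp_ajax_demo_save_settings_hardened', 'demo_save_settings_hardened' );
function demo_save_settings_hardened() {
    // 1. CSRF protection: the request must carry a nonce issued for this action
    //    (wp_create_nonce( 'demo_save_settings' ) on the settings page).
    check_ajax_referer( 'demo_save_settings', 'nonce' );

    // 2. Authorization: only users allowed to manage options may save them.
    //    Being logged in is not enough; this is the check the article says
    //    was missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Restrict WHICH option can be written, so even an administrator using
    //    this endpoint cannot reach unrelated rows of wp_options.
    $name = isset( $_POST['option_name'] )
        ? sanitize_key( wp_unslash( $_POST['option_name'] ) )
        : '';
    if ( ! in_array( $name, demo_allowed_options(), true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    // 4. Sanitize the value before it is stored.
    $value = isset( $_POST['option_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) )
        : '';

    update_option( $name, $value );
    wp_send_json_success( array( 'option' => $name ) );
}
```

The capability check in step 2 is what turns "any subscriber can edit wp_options" into "only administrators can", and the allowlist in step 3 limits the blast radius further. When reviewing a plugin, the quickest audit is to look at every `wp_ajax_*` and `admin_post_*` callback that calls `update_option()` and confirm that a `current_user_can()` check precedes the write.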
Luka Šikić also posted a video online demonstrating how dangerous the vulnerability can be.
About Simple Social Buttons
Simple Social Buttons is a plugin that makes it easy for users to add social media buttons to blog posts, pages, archives, pop-ups, fly-ins and custom post types. More than 40,000 users have activated the free version of the plugin on their website. A premium version is also available via the WPBrigade website.
Patch
The plugin’s authors released version 2.0.22 the day after WebARX disclosed the vulnerability. This update contains a patch that solves the problem. At the time of writing, WPBrigade has not alerted users about the vulnerability on their blog or Twitter account. The only mention of the issue is in the plugin’s changelog: “Enhancement: Fix security issue.”
Update as soon as possible
It is essential that anyone using the plugin performs the update as soon as possible, because the consequences of a successful attack could be very large. A number of websites are already protected against this kind of vulnerability in a different way, namely by not allowing new users to register. WordPress websites that do allow users to register are, however, very vulnerable, since any registered account, even a subscriber, can trigger the flaw.
If your website uses the Simple Social Buttons plugin, you should update to the latest version as soon as possible. The vulnerability affects plugin versions from 2.0.4 up to, but not including, version 2.0.22, in which the developers introduced the patch.