Critical Bug in Popular WP Plugin can take over Entire Website

A plugin Simple Social Buttons was reported to have a major bug that can comprise the entire WordPress website by allowing hackers to have unauthorized access to the backend.

A security researcher and developer at WebARX, Luka Šikić, discovered this major bug in the plugin developed by WPBrigade.

What this Plugin does?

Simple Social Buttons is a popular plugin available in both free and paid versions which adds social media sharing buttons at the sidebar, inline, above or below the post. It also adds these buttons on pictures, popups, and fly-ins.

Plugin Vulnerability

According to the researcher, a hacker who can register on your website for adding comments or sharing your posts to other social platforms can easily exploit this vulnerability to plant backdoors for taking over admin accounts for further unauthorized access.

Luka Šikić discovered this security vulnerability last week and notified the problem to the plugin’s developer WPBrigade. The developer took no time in releasing a security patch for the plugin.

Luka Šikić also posted a demo on YouTube to show the severe consequences of the plugin’s vulnerabilities.

Update The Plugin – ASAP!

Update this plugin immediately to the newer version, i.e., 2.0.22.

WordPress plugins sure help in extending the functionality of an otherwise easy-to-use CMS but it also comes with own set of vulnerabilities.

If you’ve been using WordPress CMS for a while, this isn’t something new to you.

In addition, the researchers at Sucuri and MalwareBytes claim that hackers are exploiting vulnerabilities in outdated themes and plugins. And the outdated Simple Social Buttons plugin is on top of their list.

According to the stats on, the free version of this plugin is currently installed on more than 40,000 WordPress sites, making them vulnerable to this severe security bug. 

Thus, the website owners who have this plugin installed must update it as quickly as possible.

To learn all about keeping your WordPress site secure on automation, read about these best WordPress security plugins.

Sharing is caring

Do share this WP plugin news with your WP community members. Stay tuned to blog for everything related to WordPress.

Latest WordPress Tips, Guides, & News

Stay updated with new stuff in the WP ecosystem including exclusive deals, how-to articles, new plugins, and more. 100% WordPress Goodness, a promise!

1 thought on “Critical Bug in Popular WP Plugin can take over Entire Website”

  1. Great! to read
    I will be plugin this to for some additional as well as making my site secure from hackers for commenting and posting. Noted, i have bookmarked the page for further knowledge from you.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top