A plugin Simple Social Buttons was reported to have a major bug that can comprise the entire WordPress website by allowing hackers to have unauthorized access to the backend.

A security researcher and developer at WebARX, Luka Šikić, discovered this major bug in the plugin developed by WPBrigade.

What this Plugin does?

Simple Social Buttons is a popular plugin available in both free and paid versions which adds social media sharing buttons at the sidebar, inline, above or below the post. It also adds these buttons on pictures, popups, and fly-ins.

Plugin Vulnerability

According to the researcher, a hacker who can register on your website for adding comments or sharing your posts to other social platforms can easily exploit this vulnerability to plant backdoors for taking over admin accounts for further unauthorized access.

Luka Šikić discovered this security vulnerability last week and notified the problem to the plugin’s developer WPBrigade. The developer took no time in releasing a security patch for the plugin.

Luka Šikić also posted a demo on YouTube to show the severe consequences of the plugin’s vulnerabilities.

Update The Plugin – ASAP!

Update this plugin immediately to the newer version, i.e., 2.0.22.

WordPress plugins sure help in extending the functionality of an otherwise easy-to-use CMS but it also comes with own set of vulnerabilities.

If you’ve been using WordPress CMS for a while, this isn’t something new to you.

In addition, the researchers at Sucuri and MalwareBytes claim that hackers are exploiting vulnerabilities in outdated themes and plugins. And the outdated Simple Social Buttons plugin is on top of their list.

According to the stats on WordPress.org, the free version of this plugin is currently installed on more than 40,000 WordPress sites, making them vulnerable to this severe security bug. 

Thus, the website owners who have this plugin installed must update it as quickly as possible.

To learn all about keeping your WordPress site secure on automation, read about these best WordPress security plugins.

Sharing is caring

Do share this WP plugin news with your WP community members. Stay tuned to Breeze.io blog for everything related to WordPress.