usrnm

WordPress Plugin ‘Simple Social Buttons’ Critical Security Bug


Software Overview

The WordPress plugin Simple Social Buttons is a popular free and paid plugin that adds social media sharing buttons in the sidebar, inline, above and below the post content, on photos, and in popups and fly-ins.

The plugin has more than 40,000 active installations according to the WordPress Plugin repository and over 500,000 downloads according to the plugin vendor, WPBrigade.

Vulnerability Description

An improper application design flow, chained with a missing permission check, results in privilege escalation and unauthorized actions in the WordPress installation, allowing non-admin users, even those with the subscriber role, to modify WordPress installation options in the wp_options table.

[Screenshot of the plugin's option-updating function; image not included]

As can be seen from the screenshot, a function iterates through the JSON object provided in the request and updates all options, taking option_name from each object key and option_value from its value, without checking whether the current user has permission to manage options or whether the provided option_name belongs to the plugin.

Source: https://www.webarxsecurity.com/wordpress-plugin-simple-social-buttons/
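The flaw described above, shown as an added illustration in PHP that is not part of the original post and not the plugin's real code. Both handlers and all option names (the `example_` prefix, `EXAMPLE_ALLOWED_OPTIONS`, the `example_ssb_save` nonce action) are hypothetical; only the WordPress API calls (`current_user_can`, `check_ajax_referer`, `update_option`, `wp_send_json_*`) are real. The first function reproduces the pattern the post describes: every key/value in the request body is written to wp_options with no capability check and no ownership check. The second shows the defensive shape a reviewer would expect: a `manage_options` capability check, a nonce, an allowlist of plugin-owned option names, and per-value sanitization.

```php
<?php
// Added example: hypothetical AJAX handlers, not the plugin's own code.
// Handlers registered with add_action('wp_ajax_...') run for any logged-in
// user, so the capability check inside the handler is what limits who can
// reach update_option().

// Vulnerable pattern (hypothetical): no capability check, no allowlist.
function example_vulnerable_save_options() {
    $data = json_decode( wp_unslash( $_POST['options'] ?? '' ), true );
    if ( ! is_array( $data ) ) {
        wp_send_json_error( 'bad payload', 400 );
    }
    foreach ( $data as $option_name => $option_value ) {
        // Any key becomes option_name, any value option_value: a subscriber
        // can overwrite arbitrary rows in wp_options.
        update_option( $option_name, $option_value );
    }
    wp_send_json_success();
}

// Hardened pattern: only administrators, only with a valid nonce, only the
// option names this plugin owns, and only sanitized values.
// Option names below are constructed for the example.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_ssb_button_style',
    'example_ssb_networks',
);

function example_hardened_save_options() {
    // 1. Capability check: subscribers, authors, editors are rejected.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF protection: the request must carry a nonce for this action.
    check_ajax_referer( 'example_ssb_save', 'nonce' );

    $data = json_decode( wp_unslash( $_POST['options'] ?? '' ), true );
    if ( ! is_array( $data ) ) {
        wp_send_json_error( 'bad payload', 400 );
    }
    $updated = array();
    foreach ( $data as $option_name => $option_value ) {
        // 3. Ownership check: silently drop keys the plugin does not own.
        if ( ! in_array( $option_name, EXAMPLE_ALLOWED_OPTIONS, true ) ) {
            continue;
        }
        // 4. Sanitize before persisting (string options assumed here).
        update_option( $option_name, sanitize_text_field( (string) $option_value ) );
        $updated[] = $option_name;
    }
    wp_send_json_success( array( 'updated' => $updated ) );
}

add_action( 'wp_ajax_example_ssb_save', 'example_hardened_save_options' );
```

When auditing a plugin for this class of bug, the two things to look for in any handler that ends in `update_option()` are a `current_user_can()` call before the write and a fixed list of option names the plugin is allowed to touch; the absence of either is the defect the post describes.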
