Researchers at WebARX discovered a dangerous issue in the popular WordPress plugin Simple Social Buttons, which adds social media sharing buttons to websites. According to the researchers, the bug lies in the design of the plugin itself and is made worse by incorrect permission checking.
If a potential attacker can register a new account on a vulnerable site, then by exploiting the bug they are also able to change the CMS settings, going far beyond what the plugin was ever meant to allow. In practice, an attacker can plant a backdoor on the site or take control of the administrator account.
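The class of defect described above, a settings-saving handler reachable by any logged-in user that never checks who is calling, is easy to spot in a code review. The following is an added illustration written for this article, not code from Simple Social Buttons or WPBrigade; the hook name, option keys and nonce action are assumed.

```php
<?php
// Added illustration, not the plugin's code. The hook name, option keys and
// nonce action ('ssb_save_settings', 'ssb_options', 'ssb_settings_nonce') are assumed.

// WEAK: a wp_ajax_ hook fires for every authenticated user, including freshly
// registered subscribers. Without a capability check and with a client-chosen
// option name, the handler lets any account rewrite arbitrary site options
// (admin_email and users_can_register among them).
function ssb_save_settings_weak() {
    $key   = sanitize_key( wp_unslash( $_POST['option_name'] ?? '' ) );
    $value = wp_unslash( $_POST['option_value'] ?? '' );
    update_option( $key, $value );   // no check that $key even belongs to the plugin
    wp_send_json_success();
}

// HARDENED: verify a nonce, require the manage_options capability, and only
// ever write the plugin's own option key with whitelisted fields.
function ssb_save_settings_hardened() {
    // Dies with a 403 if the nonce is missing or invalid.
    check_ajax_referer( 'ssb_settings_nonce', 'nonce' );

    // Being logged in is not enough; the caller must be allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }

    // Trust only the fields the plugin owns, never a client-supplied option name.
    $allowed  = array( 'networks', 'position' );
    $settings = array();
    foreach ( $allowed as $field ) {
        $settings[ $field ] = sanitize_text_field( wp_unslash( $_POST[ $field ] ?? '' ) );
    }
    update_option( 'ssb_options', $settings );
    wp_send_json_success();
}

add_action( 'wp_ajax_ssb_save_settings', 'ssb_save_settings_hardened' );
```

The admin-side script must send the value of `wp_create_nonce( 'ssb_settings_nonce' )` in the `nonce` field; a nonce alone is not a substitute for the capability check, since any logged-in user can obtain one.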
The video below shows how the bug is used to change the email address of the administrator account. Before publishing information about the problem, the researchers notified the plugin's developers, WPBrigade. They have already released Simple Social Buttons version 2.0.22, in which the vulnerability is fixed.
Administrators of affected sites are urged to install the update as soon as possible or to disable user registration. According to official statistics, the plugin is installed on more than 40,000 sites, and all of them could now become targets for botnet operators and other intruders.