WordPress Plugin Vulnerabilities

Simple Social Buttons 2.0.4-2.0.21 - Authenticated Option Injection

Description

The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin was affected by an Authenticated Option Injection security vulnerability.

Affects Plugins

Plugin icon
simple-social-buttons
Fixed in 2.0.22

References

URL
https://www.webarxsecurity.com/wordpress-plugin-simple-social-buttons/
URL
https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-entire-sites/
URL
https://plugins.trac.wordpress.org/changeset/2027125/simple-social-buttons

Miscellaneous

Original Researcher
Luka Šikić (WebARX)
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7b5ae9e4-e9f6-4990-aa1d-cd699f4430f6

Timeline

Publicly Published
2019-02-11 (about 7 years ago)
Added
2019-02-12 (about 7 years ago)
Last Updated
2020-12-16 (about 5 years ago)

Other

Published
Title
Published
2017-01-26
Title
WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
Published
2023-06-12
Title
Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
Published
2014-09-17
Title
WP-Ban < 1.64 BlackList Bypass
Published
2022-04-07
Title
SiteGround Security < 1.2.6 - Authentication Bypass via 2-FA Authentication Setup
Published
2025-01-03
Title
reCaptcha by BestWebSoft < 1.79 - CAPTCHA Bypass