Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: WordPress plugin vulnerability lets any user take over websites

11 Feb 2019   #1

64-bit Windows 10 Pro
WordPress plugin vulnerability lets any user take over websites

WordPress site owners who are using the Simple Social Buttons plugin to support social media sharing features should update the plugin as soon as possible to plug a security hole that can be exploited to take over sites.

Luka Šikić, a developer and researcher at WordPress security firm WebARX, discovered the security issue last week and reported the problem to the plugin's author.

In a report published today, he described the issue as an "improper application design flow, chained with lack of permission check."

He says that an attacker who can register new accounts on a site can exploit this vulnerability to make modifications to a WordPress site's main settings, outside to what the plugin was initially meant to manage.

These modifications can allow an attacker to take over sites by installing backdoors or taking over admin accounts.

In a demo video he posted on YouTube today, Šikić showed how dangerous the vulnerability is by changing the email address associated with a WordPress site's admin account.

Read more: WordPress plugin flaw lets you take over entire sites | ZDNet

My System SpecsSystem Spec

 WordPress plugin vulnerability lets any user take over websites

Thread Tools

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 22:06.
Twitter Facebook