A critical vulnerability in the WordPress plugin Simple Social Buttons allows an attacker to completely take over a website.

The plugin allows users to add social sharing buttons in the sidebar, inline, above, and below the post content, photos, pop-ups, and fly-ins.

The error is the result of a faulty design flow and the lack of an authorization check that causes escalation of permissions and unauthorized actions in the WordPress installation, causing users or administrators who are not administrators to see the WordPress installation options in the table " wp-options "can change according to a WebARX blog post from February 11th.

The issue was discovered and reported on February 7th and patched the next day. Users should upgrade to the latest version as soon as possible because the plugin versions were 2.0.4 and earlier than 2.0.22.