URGENT – If you use the plugin ‘Simple Social Buttons’ in your WordPress installation, you should immediately update it to the latest version as there has been a serious flaw found in it that could allow an attacker to take over the site. The flaw, which was discovered last week by security researcher and developer Luka Šikić, has been discovered and a video showing how to use it to break in to WordPress websites has been released.
The flaw has been fixed by the developer and a patch released. So if you haven’t already then you should update now.
The flaw can only be leveraged in sites that allow user sign-up, which most sites have disabled due to security reasons. Never the less you should update before they figure out how to exploit the flaw without user sign-up requirements.
Any of our customers who have website maintenance contracts will have already been updated to the latest security patch. If you are not sure then you should contact your web development team and/or your host to see if they can help.
If you are really stuck then we may be able to help, please submit a support ticket with your website URL and contact information. Do NOT post your username and password in the ticket we will contact you separately for the information if needed.
If you use the Simple Social Buttons plugin for WordPress then make sure you update your site to correct the security flaw immediately.
CritchCorp Computers Ltd.