28 Jun

Authenticated Option Deletion Vulnerability in Social Media and Share Icons (Ultimate Social Media)

Recently we have been finding a lot of vulnerabilities in WordPress plugins through monitoring our websites for what look to be requests related to hacking attempts against plugins that don’t have known vulnerabilities and then checking over the plugins for exploitable vulnerabilities. That has lead to us finding quite a few vulnerabilities in the current versions of plugins. In attempt to catch more of this type of issue we have been looking around for more data so that we can catch more of these vulnerabilities. That lead us to look at the Social Media and Share Icons (Ultimate Social Media) plugin, despite it looking like it might not have been the target of a hacker. While reviewing that we found a fairly serious vulnerability, though not one that hackers would likely be interested in exploiting.

[Read more]