Skip to Main Content

Shareaholic Announces Patch for Site Security Bug

Posted on 3.19.2015

From Anthem Blue Cross to Home Depot and JP Morgan, security breaches have been rampant over the past year making brands more conscious of their threat level than ever before.

Shareaholic, a content amplification and monetization platform, has recently announced a patch to a bug in their WordPress plugin.

The bug, a cross-site scripting (XSS) vulnerability, enables users with no administrative privileges that were logged-in on a site to make changes to the site as an administrator. It is important to note that the bud does not change a user’s role on the site. Shareaholic states that “any non-Admin users who have access to your site will not know about this exposure unless they actively seek it out.” To fix the problem the company states that users should update to the latest version of the Shareaholic WordPress plugin as well as change their administrative password.

The bug affects all those how have the Shareaholic WordPress plugin and any type of user permissions or roles (e.g. Authors, Editors, Subscribers, etc.) on their WordPress.org hosted site, yet, the bug does not affect WordPress.com hosted sites.


 Request Website Magazine's Free Weekly Newsletters 


Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  •    
      

    The Ultimate Guide to Personalization

    Kibo