Shareaholic Announces Patch for Site Security Bug

by Derek Schou 20 Mar, 2015

From Anthem Blue Cross to Home Depot and JP Morgan, security breaches have been rampant over the past year, making brands more conscious of their threat level than ever before.

Shareaholic, a content amplification and monetization platform, has recently announced a patch for a bug in its WordPress plugin.

The bug, a cross-site scripting (XSS) vulnerability, enables logged-in users without administrative privileges to make changes to the site as an administrator. It is important to note that the bug does not change a user's role on the site. Shareaholic states that "any non-Admin users who have access to your site will not know about this exposure unless they actively seek it out." To fix the problem, the company states that users should update to the latest version of the Shareaholic WordPress plugin and change their administrative password.

The bug affects everyone who has the Shareaholic WordPress plugin and any type of user permissions or roles (e.g. Authors, Editors, Subscribers, etc.) on their WordPress.org hosted site; it does not affect WordPress.com hosted sites.