Monday, January 22, 2024

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

More articles


  1. Pentest Tools Website Vulnerability
  2. Hacking App
  3. Hacking Tools For Mac
  4. Hacking Tools Free Download
  5. Beginner Hacker Tools
  6. Nsa Hack Tools Download
  7. What Is Hacking Tools
  8. Kik Hack Tools
  9. Hacking Tools 2020
  10. Pentest Tools Linux
  11. Pentest Tools Alternative
  12. Termux Hacking Tools 2019
  13. Hack And Tools
  14. Hacker Tools Free
  15. Tools 4 Hack
  16. Best Pentesting Tools 2018
  17. Pentest Tools Github
  18. Hacking Tools For Pc
  19. Pentest Tools Website
  20. Hack Tool Apk
  21. Hacker Tools For Pc
  22. Underground Hacker Sites
  23. Install Pentest Tools Ubuntu
  24. Pentest Tools For Mac
  25. Hacking Tools Windows
  26. Hacker Tools Free Download
  27. Pentest Tools Website
  28. Best Hacking Tools 2019
  29. Android Hack Tools Github
  30. Pentest Tools Kali Linux
  31. Hack Tools Download
  32. Hack Tools For Ubuntu
  33. Hacker Tools Free Download
  34. Hack Tools 2019
  35. Pentest Tools Open Source
  36. Pentest Tools Linux
  37. Hacking Tools For Windows
  38. Hack Tool Apk No Root
  39. Hacker Tools 2019
  40. Hacking Tools Software
  41. Termux Hacking Tools 2019
  42. Hack Tools
  43. Hacks And Tools
  44. Hacking Tools For Windows
  45. Pentest Tools Free
  46. Hacks And Tools
  47. Pentest Tools Website Vulnerability
  48. Pentest Tools
  49. Best Hacking Tools 2020
  50. Pentest Tools For Windows
  51. New Hack Tools
  52. What Is Hacking Tools
  53. Hack And Tools
  54. Hacker Tools Windows
  55. Pentest Tools Free
  56. Pentest Tools Apk
  57. Pentest Tools For Windows
  58. Hack Tools For Windows
  59. Top Pentest Tools
  60. Computer Hacker
  61. Hacker Hardware Tools
  62. Ethical Hacker Tools
  63. Hacking Tools For Beginners
  64. Hack Tools For Ubuntu
  65. Hacking Tools For Games
  66. Pentest Tools For Windows
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)