A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
More info
- Hack Tools Github
- Best Pentesting Tools 2018
- Beginner Hacker Tools
- Pentest Tools Linux
- Hacking Tools Usb
- Pentest Tools Subdomain
- Pentest Tools Bluekeep
- Hacking Tools For Kali Linux
- Pentest Tools For Windows
- Pentest Tools For Android
- Pentest Tools Subdomain
- Hack Tools For Games
- Hacking Tools Windows 10
- Best Hacking Tools 2019
- How To Hack
- Hacking Tools Online
- Hacking Tools Mac
- Hacking Apps
- Pentest Tools Github
- Termux Hacking Tools 2019
- Hacking Tools Free Download
- Hack Tools Pc
- Hacker Tools Apk Download
- Pentest Tools Android
- Physical Pentest Tools
- Hacking Tools For Windows
- Hacker Tools Windows
- Hacking Tools Windows 10
- Hacker Tools Hardware
- Hacker Tools 2020
- Hacker Tools Free
- Pentest Tools Port Scanner
- Hacking Tools
- Hacker Security Tools
- Hacker Tools
- Pentest Tools Url Fuzzer
- Hacker Tools Free
- New Hacker Tools
- Pentest Tools Android
- Hack Website Online Tool
- Pentest Tools Port Scanner
- Computer Hacker
- Pentest Tools Alternative
- What Is Hacking Tools
- Hack Tools Download
- Hacking Tools For Mac
- Hacking Tools 2019
- Hack Tools Mac
- Pentest Tools Free
- Physical Pentest Tools
- Hacking Tools Free Download
- Pentest Tools For Ubuntu
- Ethical Hacker Tools
- Pentest Tools Website Vulnerability
- Top Pentest Tools
- Hacking Tools For Pc
- Hacking Tools Download
- Nsa Hack Tools Download
- How To Hack
- Hacking Apps
- Nsa Hacker Tools
- Hacker Tools For Ios
- Hacking Tools For Windows 7
- Easy Hack Tools
- Pentest Tools Apk
- Hacking Tools For Beginners
- Hacking Tools Kit
- Hacker Tools Online
- Easy Hack Tools
- Hacker Tools 2019
- Nsa Hacker Tools
- Pentest Tools Tcp Port Scanner
- Hacker Tools Github
- Pentest Reporting Tools
- Pentest Tools Github
- Hacker Tools Apk
- Hack App
- Hack Tools
- Hacker Tools For Ios
- Hacking Tools Download
- Growth Hacker Tools
- Hacking Tools Software
- Tools Used For Hacking
- Hack Tools
- Pentest Tools Subdomain
- Hacks And Tools
- Hacking Tools 2019
- Install Pentest Tools Ubuntu
- Tools Used For Hacking
- Hack Tool Apk No Root
- Hacking Tools Mac
- Tools For Hacker
- Pentest Automation Tools
- Free Pentest Tools For Windows
- Pentest Tools Port Scanner
- Hacker Tools Apk
- Pentest Tools Windows
- Hacker
- Hack Tools For Mac
- Hacking Tools Download
- Hacker Hardware Tools
- Hack Website Online Tool
- Hacking Tools Free Download
- Pentest Box Tools Download
- How To Hack
Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations