Friday, January 19, 2024

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

More info
  1. Hacking Tools For Windows Free Download
  2. Pentest Automation Tools
  3. Hacker Tools Hardware
  4. Pentest Tools Subdomain
  5. Hack Tools For Windows
  6. Hacking Tools Windows 10
  7. Hack Tools For Mac
  8. Pentest Tools Nmap
  9. Hack Tools Mac
  10. Pentest Tools Linux
  11. Hacking Tools For Windows
  12. Pentest Tools Url Fuzzer
  13. Hacking App
  14. Pentest Tools Bluekeep
  15. Pentest Reporting Tools
  16. Computer Hacker
  17. Pentest Tools Website Vulnerability
  18. Hacker Tools Linux
  19. Hacking Tools
  20. Hacker Security Tools
  21. Hacker Tools
  22. Hacker Tools Free Download
  23. Hacking Tools 2019
  24. Hacking Tools Windows
  25. Pentest Tools Download
  26. Hack Tools For Windows
  27. Pentest Tools Review
  28. Hack Tools For Pc
  29. Hack And Tools
  30. Github Hacking Tools
  31. Hacking Tools Windows
  32. Hacker Tools 2019
  33. Hacker Tools Windows
  34. Hacker Security Tools
  35. Hacker
  36. Physical Pentest Tools
  37. Usb Pentest Tools
  38. Pentest Tools List
  39. What Is Hacking Tools
  40. Hacker Techniques Tools And Incident Handling
  41. Pentest Box Tools Download
  42. Best Pentesting Tools 2018
  43. Hack Tools 2019
  44. How To Make Hacking Tools
  45. Pentest Tools For Android
  46. What Are Hacking Tools
  47. New Hack Tools
  48. Hack Tools Pc
  49. Pentest Tools Windows
  50. Android Hack Tools Github
  51. Hacker Tools Online
  52. Hacker Tools Free
  53. Hacking Tools
  54. Hacking Tools 2019
  55. Hacker Tool Kit
  56. Hack Apps
  57. Free Pentest Tools For Windows
  58. Hacking Tools Windows 10
  59. Pentest Tools For Windows
  60. Pentest Tools For Mac
  61. Hacking Tools For Windows
  62. Pentest Tools Subdomain
  63. Hacker Tools Github
  64. Pentest Tools Online
  65. Beginner Hacker Tools
  66. Hackrf Tools
  67. Pentest Tools Bluekeep
  68. Pentest Tools Find Subdomains
  69. Tools 4 Hack
  70. What Is Hacking Tools
  71. New Hacker Tools
  72. Pentest Tools For Ubuntu
  73. Hacking Tools Windows 10
  74. Hacker Tools For Windows
  75. Hack Tools For Windows
  76. Growth Hacker Tools
  77. Hacks And Tools
  78. Hacking Tools Mac
  79. Pentest Tools For Mac
  80. Hacking Tools Mac
  81. Beginner Hacker Tools
  82. New Hacker Tools
  83. Hack Website Online Tool
  84. Top Pentest Tools
  85. Best Pentesting Tools 2018
  86. Hacker Tools
  87. Hacking Tools For Mac
  88. Hack Tools 2019
  89. Wifi Hacker Tools For Windows
  90. Pentest Automation Tools
  91. Hack Tools For Pc
  92. Termux Hacking Tools 2019
  93. Pentest Tools Website
  94. Hacking Tools For Games
  95. How To Make Hacking Tools
  96. Android Hack Tools Github
  97. Tools 4 Hack
  98. Hacking Tools 2020
  99. Black Hat Hacker Tools
  100. Pentest Tools Linux
  101. Pentest Tools Website Vulnerability
  102. Hacking Tools For Kali Linux
  103. Pentest Recon Tools
  104. Pentest Recon Tools
  105. Kik Hack Tools
  106. Hack Tools Pc
  107. Hacker Techniques Tools And Incident Handling
  108. Hacking Tools 2019
  109. Pentest Tools Subdomain
  110. New Hacker Tools
  111. Pentest Automation Tools
  112. Hack Tools Pc
  113. Pentest Reporting Tools
  114. Termux Hacking Tools 2019
  115. Pentest Tools Open Source
  116. Blackhat Hacker Tools
  117. Hacking Tools Kit
  118. Pentest Tools Free
  119. Growth Hacker Tools
  120. Hacker Security Tools
  121. New Hacker Tools
  122. Pentest Tools Online
  123. Game Hacking
  124. Hacks And Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)