Sunday, January 28, 2024

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related news
  1. Hack Tools For Mac
  2. Black Hat Hacker Tools
  3. Tools Used For Hacking
  4. Hacker Security Tools
  5. Hack Tools Pc
  6. Pentest Tools Bluekeep
  7. Hack App
  8. Pentest Tools Apk
  9. Pentest Tools Subdomain
  10. Nsa Hack Tools Download
  11. Hacker Tools For Mac
  12. Wifi Hacker Tools For Windows
  13. Best Hacking Tools 2019
  14. Hacking Tools Windows
  15. Hacking Tools Name
  16. Pentest Tools Apk
  17. Pentest Tools Tcp Port Scanner
  18. Hacking Tools Windows 10
  19. How To Install Pentest Tools In Ubuntu
  20. Top Pentest Tools
  21. How To Hack
  22. Hack Tools Download
  23. Pentest Tools Online
  24. Hack Tools Mac
  25. Wifi Hacker Tools For Windows
  26. Hacking Tools And Software
  27. Hacker Tool Kit
  28. Kik Hack Tools
  29. Hacking Tools Pc
  30. Hacking App
  31. Nsa Hack Tools
  32. Pentest Tools Url Fuzzer
  33. Hacker Tools Online
  34. Pentest Tools Url Fuzzer
  35. Pentest Automation Tools
  36. Pentest Tools Github
  37. Hacker Tools Apk Download
  38. Hacking Tools Windows
  39. Hacking Tools For Windows 7
  40. Hacking Tools And Software
  41. How To Hack
  42. Hacking Tools Github
  43. Hacking Tools Free Download
  44. Hacker Tools 2019
  45. Physical Pentest Tools
  46. Best Hacking Tools 2020
  47. Bluetooth Hacking Tools Kali
  48. Pentest Tools Linux
  49. Hacker Tools Linux
  50. Android Hack Tools Github
  51. Hacking Tools For Pc
  52. Hacker Tools
  53. World No 1 Hacker Software
  54. Hacker Tools Free
  55. Hack Tools For Ubuntu
  56. What Is Hacking Tools
  57. Pentest Tools For Windows
  58. Ethical Hacker Tools
  59. Hackers Toolbox
  60. Hack Tools For Windows
  61. Hacker Tools For Pc
  62. Hacker Tools Free Download
  63. Hack Tools For Mac
  64. New Hacker Tools
  65. Hacker Techniques Tools And Incident Handling
  66. Pentest Tools
  67. Pentest Tools Nmap
  68. Hack Tools Github
  69. Computer Hacker
  70. Hack And Tools
  71. Hacking Tools Pc
  72. What Is Hacking Tools
  73. Wifi Hacker Tools For Windows
  74. Hacks And Tools
  75. Hackrf Tools
  76. Hack App
  77. Pentest Tools Subdomain
  78. Hacker Tools Software
  79. What Are Hacking Tools
  80. Hacking Tools
  81. Pentest Tools For Mac
  82. Hacking Tools For Mac
  83. Hacker Tools Linux
  84. Hacking Tools For Windows Free Download
  85. Pentest Tools Bluekeep
  86. Pentest Tools Nmap
  87. Hacker Tools 2019
  88. What Is Hacking Tools
  89. Hacker Tools Free
  90. Hacker Tools 2019
  91. Pentest Tools Find Subdomains
  92. Pentest Tools Windows
  93. Pentest Tools Nmap
  94. Growth Hacker Tools
  95. Nsa Hacker Tools
  96. Pentest Tools Kali Linux
  97. Hacker Tools Software
  98. What Are Hacking Tools
  99. Best Hacking Tools 2020
  100. Hack Tools Github
  101. Github Hacking Tools
  102. Pentest Tools Nmap
  103. Pentest Recon Tools
  104. Hack Tools
  105. Hack Website Online Tool
  106. Pentest Tools Github
  107. Hacking Tools Kit
  108. Wifi Hacker Tools For Windows
  109. New Hack Tools
  110. New Hacker Tools
  111. How To Install Pentest Tools In Ubuntu
  112. Pentest Tools Url Fuzzer
  113. Hacker
  114. Pentest Tools Nmap
  115. Hack Tool Apk
  116. Physical Pentest Tools
  117. Hack Tools
  118. Hacker Security Tools
  119. Pentest Tools
  120. Hacking Tools For Kali Linux
  121. Computer Hacker
  122. Pentest Tools Website
  123. Hacker Tools Github
  124. Pentest Tools Windows
  125. Pentest Recon Tools
  126. Pentest Tools Website
  127. Nsa Hacker Tools
  128. Hacker Hardware Tools
  129. Github Hacking Tools
  130. Best Hacking Tools 2020
  131. Hack Tools For Pc
  132. Hack Apps
  133. Pentest Tools Website
  134. Hacking Tools 2020
  135. Hacker Tools 2019
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)