A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related news- Hack Tools For Mac
- Black Hat Hacker Tools
- Tools Used For Hacking
- Hacker Security Tools
- Hack Tools Pc
- Pentest Tools Bluekeep
- Hack App
- Pentest Tools Apk
- Pentest Tools Subdomain
- Nsa Hack Tools Download
- Hacker Tools For Mac
- Wifi Hacker Tools For Windows
- Best Hacking Tools 2019
- Hacking Tools Windows
- Hacking Tools Name
- Pentest Tools Apk
- Pentest Tools Tcp Port Scanner
- Hacking Tools Windows 10
- How To Install Pentest Tools In Ubuntu
- Top Pentest Tools
- How To Hack
- Hack Tools Download
- Pentest Tools Online
- Hack Tools Mac
- Wifi Hacker Tools For Windows
- Hacking Tools And Software
- Hacker Tool Kit
- Kik Hack Tools
- Hacking Tools Pc
- Hacking App
- Nsa Hack Tools
- Pentest Tools Url Fuzzer
- Hacker Tools Online
- Pentest Tools Url Fuzzer
- Pentest Automation Tools
- Pentest Tools Github
- Hacker Tools Apk Download
- Hacking Tools Windows
- Hacking Tools For Windows 7
- Hacking Tools And Software
- How To Hack
- Hacking Tools Github
- Hacking Tools Free Download
- Hacker Tools 2019
- Physical Pentest Tools
- Best Hacking Tools 2020
- Bluetooth Hacking Tools Kali
- Pentest Tools Linux
- Hacker Tools Linux
- Android Hack Tools Github
- Hacking Tools For Pc
- Hacker Tools
- World No 1 Hacker Software
- Hacker Tools Free
- Hack Tools For Ubuntu
- What Is Hacking Tools
- Pentest Tools For Windows
- Ethical Hacker Tools
- Hackers Toolbox
- Hack Tools For Windows
- Hacker Tools For Pc
- Hacker Tools Free Download
- Hack Tools For Mac
- New Hacker Tools
- Hacker Techniques Tools And Incident Handling
- Pentest Tools
- Pentest Tools Nmap
- Hack Tools Github
- Computer Hacker
- Hack And Tools
- Hacking Tools Pc
- What Is Hacking Tools
- Wifi Hacker Tools For Windows
- Hacks And Tools
- Hackrf Tools
- Hack App
- Pentest Tools Subdomain
- Hacker Tools Software
- What Are Hacking Tools
- Hacking Tools
- Pentest Tools For Mac
- Hacking Tools For Mac
- Hacker Tools Linux
- Hacking Tools For Windows Free Download
- Pentest Tools Bluekeep
- Pentest Tools Nmap
- Hacker Tools 2019
- What Is Hacking Tools
- Hacker Tools Free
- Hacker Tools 2019
- Pentest Tools Find Subdomains
- Pentest Tools Windows
- Pentest Tools Nmap
- Growth Hacker Tools
- Nsa Hacker Tools
- Pentest Tools Kali Linux
- Hacker Tools Software
- What Are Hacking Tools
- Best Hacking Tools 2020
- Hack Tools Github
- Github Hacking Tools
- Pentest Tools Nmap
- Pentest Recon Tools
- Hack Tools
- Hack Website Online Tool
- Pentest Tools Github
- Hacking Tools Kit
- Wifi Hacker Tools For Windows
- New Hack Tools
- New Hacker Tools
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Url Fuzzer
- Hacker
- Pentest Tools Nmap
- Hack Tool Apk
- Physical Pentest Tools
- Hack Tools
- Hacker Security Tools
- Pentest Tools
- Hacking Tools For Kali Linux
- Computer Hacker
- Pentest Tools Website
- Hacker Tools Github
- Pentest Tools Windows
- Pentest Recon Tools
- Pentest Tools Website
- Nsa Hacker Tools
- Hacker Hardware Tools
- Github Hacking Tools
- Best Hacking Tools 2020
- Hack Tools For Pc
- Hack Apps
- Pentest Tools Website
- Hacking Tools 2020
- Hacker Tools 2019
No comments:
Post a Comment