A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related news
- Hacking Tools Windows 10
- Nsa Hack Tools Download
- Hacking Apps
- Hack Tools For Pc
- Hacker Search Tools
- Hacker
- Hacker Tools Free
- Hacker Tools Online
- Hack Apps
- Hack Tools Mac
- Pentest Tools Github
- New Hacker Tools
- World No 1 Hacker Software
- Hacking Tools For Games
- Hackers Toolbox
- Pentest Tools Windows
- Hack Tools Pc
- Hack Tool Apk
- Hacker Tools For Windows
- Hacker Tools Software
- Easy Hack Tools
- Hacker Tools
- Hacking Tools Windows
- Hacker Tools Free Download
- Pentest Tools Review
- Hack And Tools
- Hack Tools For Ubuntu
- Pentest Recon Tools
- Tools For Hacker
- Hacker Tools Linux
- Hacking Tools Name
- Hacking Tools Download
- Hacker
- Hack Apps
- Hacking Tools Free Download
- Hacking Tools For Windows
- Hacker Tools Linux
- Pentest Tools Github
- Hack Tools
- Hacker Tools Apk
- Hack Tools
- Hacker Tools
- Hack Tools For Games
- Hacker Tools 2020
- World No 1 Hacker Software
- Tools For Hacker
- Pentest Tools Open Source
- Hack Website Online Tool
- Best Hacking Tools 2019
- Hacker Tools 2020
- Pentest Tools Framework
- Termux Hacking Tools 2019
- Hack Tools Online
- Kik Hack Tools
- World No 1 Hacker Software
- Black Hat Hacker Tools
- Hacking Tools
- Hacking Tools And Software
- Hacker Tools Free
- Hack Tools Mac
- Hack And Tools
- Hacking Tools Windows
- Hacking Tools Usb
- Free Pentest Tools For Windows
- Hacker Tools Mac
- Nsa Hacker Tools
- Hack Tools For Ubuntu
- Hacks And Tools
- Hack Tools For Windows
- Hacking Tools Windows 10
- Hackrf Tools
- Easy Hack Tools
- Nsa Hacker Tools
- Hacker Tools List
- Hacker Tools For Ios
- Hacking Tools Pc
- Hacking Tools For Windows 7
- Black Hat Hacker Tools
- Hak5 Tools
- Github Hacking Tools
- Kik Hack Tools
- Hacker Tools Github
- Hacker Tools Online
- Pentest Tools Subdomain
- Hacker Tools Hardware
- Hacking Tools Mac
- Hacker Tools Software
- Pentest Tools Kali Linux
- Hacker Tools Apk Download
- Hacker
- Usb Pentest Tools
- Pentest Tools Apk
- Hacker Tools Windows
- Hacker Tools For Windows
- Hackrf Tools
- Hacking Tools For Windows
- Pentest Box Tools Download
- Hacker Tools For Windows
- Hack Tools For Ubuntu
- Hacker Tools Windows
- Hacking Tools 2020
- Bluetooth Hacking Tools Kali
- Hack Apps
- Blackhat Hacker Tools
- Hacker Tool Kit
- Hacker Tools Online
- Hacker Tools Online
- Hacking Tools Download
- Ethical Hacker Tools
- Pentest Tools Port Scanner
- Hack App
- Hacking Tools For Pc
- Hacking Tools Windows 10
- Pentest Tools Apk
- Pentest Tools Website Vulnerability
- Growth Hacker Tools
- Hacking App
- New Hack Tools
- Hacker Tools List
- Hacker Search Tools
- Pentest Tools Bluekeep
- Hacking Tools Download
- Hacking Tools Software
- What Is Hacking Tools
- Bluetooth Hacking Tools Kali
- Hack Tools 2019
- Hack Tools For Windows
- Kik Hack Tools
- Hacker Tools 2019
- Black Hat Hacker Tools
- Hacking Tools Download
- Underground Hacker Sites
- Hacking Tools Kit
- Hacking Tools Download
- Hack App
- Hacker Tools Software
- Pentest Tools Open Source
- What Are Hacking Tools
- What Is Hacking Tools
- Free Pentest Tools For Windows
- Hack Tools For Windows
No comments:
Post a Comment