Wednesday, January 24, 2024

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related posts


  1. Pentest Tools For Windows
  2. Hacker Tools List
  3. Hacker Tools 2019
  4. Hack Tools For Mac
  5. Hacker Tools 2020
  6. Pentest Tools Bluekeep
  7. Pentest Tools Online
  8. Best Hacking Tools 2019
  9. Pentest Tools Download
  10. Bluetooth Hacking Tools Kali
  11. New Hack Tools
  12. Hacking Tools Windows
  13. Hacking Tools Online
  14. Pentest Tools Review
  15. Nsa Hack Tools
  16. How To Install Pentest Tools In Ubuntu
  17. Pentest Tools Bluekeep
  18. Pentest Recon Tools
  19. Hacking Tools For Kali Linux
  20. Computer Hacker
  21. Pentest Tools List
  22. Hack Tools Github
  23. Pentest Tools Linux
  24. Computer Hacker
  25. Hacking Tools Name
  26. Best Pentesting Tools 2018
  27. Blackhat Hacker Tools
  28. Usb Pentest Tools
  29. Hacker Tools Mac
  30. Easy Hack Tools
  31. Pentest Tools Download
  32. Hacker Tools 2020
  33. Pentest Tools Tcp Port Scanner
  34. Hack Tools Pc
  35. Pentest Box Tools Download
  36. Hack And Tools
  37. Usb Pentest Tools
  38. Pentest Tools For Windows
  39. Github Hacking Tools
  40. New Hacker Tools
  41. Hacking Tools Hardware
  42. Hacker Tool Kit
  43. Usb Pentest Tools
  44. Hacking Tools Download
  45. Hack Tool Apk No Root
  46. Pentest Tools Bluekeep
  47. Hacking Tools For Mac
  48. Pentest Tools List
  49. How To Hack
  50. Black Hat Hacker Tools
  51. Hacker Tools List
  52. Physical Pentest Tools
  53. Hacking App
  54. How To Make Hacking Tools
  55. Hacker Tools Linux
  56. Hacker Tools 2019
  57. Hack And Tools
  58. Hack Website Online Tool
  59. Hacking Tools Free Download
  60. Pentest Tools Framework
  61. Computer Hacker
  62. Hack Tools For Mac
  63. Hack Tools For Mac
  64. How To Make Hacking Tools
  65. Hacking Tools For Windows Free Download
  66. Pentest Tools Free
  67. Hack Tool Apk
  68. Pentest Tools Free
  69. Pentest Tools Kali Linux
  70. Install Pentest Tools Ubuntu
  71. Hacker Search Tools
  72. Hack Tools For Mac
  73. Hack Tools 2019
  74. Hack Tools For Mac
  75. Pentest Tools Open Source
  76. Hacker Tools 2019
  77. Hack Tools Pc
  78. Hack App
  79. Hacking Tools Windows
  80. Pentest Recon Tools
  81. Hack Tools Github
  82. New Hack Tools
  83. Pentest Tools Nmap
  84. Pentest Tools Download
  85. Underground Hacker Sites
  86. Top Pentest Tools
  87. Hack Tools For Mac
  88. Best Hacking Tools 2020
  89. Hack Tools 2019
  90. Hacker Tools 2019
  91. Pentest Recon Tools
  92. Blackhat Hacker Tools
  93. Hacking Tools For Beginners
  94. Hacking Tools Kit
  95. Android Hack Tools Github
  96. Hack And Tools
  97. Hacking Tools For Windows
  98. Termux Hacking Tools 2019
  99. Hacker Tools Free
  100. New Hacker Tools
  101. Hak5 Tools
  102. Pentest Tools Alternative
  103. Pentest Reporting Tools
  104. Pentest Tools List
  105. What Is Hacking Tools
  106. Wifi Hacker Tools For Windows
  107. How To Make Hacking Tools
  108. Hack Tools Mac
  109. Game Hacking
  110. Hacking Tools For Pc
  111. Hacker Techniques Tools And Incident Handling
  112. Hack Tools For Games
  113. Pentest Tools Open Source
  114. Hacker Techniques Tools And Incident Handling
  115. Hacks And Tools
  116. Free Pentest Tools For Windows
  117. Hacker Tools 2020
  118. Kik Hack Tools
  119. Pentest Tools Alternative
  120. Pentest Tools Subdomain
  121. Pentest Tools Website Vulnerability
  122. Hackers Toolbox
  123. Hack Apps
  124. Hacker Tool Kit
  125. Pentest Tools Open Source
  126. Tools 4 Hack
  127. World No 1 Hacker Software
  128. Hack And Tools
  129. Pentest Tools Url Fuzzer
  130. Hacking Tools And Software
  131. Hackrf Tools
Posted by at