A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets such as dynamic gallery and product gallery are in use, since these call the vulnerable function. The result is local file inclusion, an attack technique in which a web application is tricked into exposing or running arbitrary files on the web server.
The flaw impacts all versions of the add-on from 5.0.4 and below. Researcher Wai Yan Myo Thet is credited with discovering the vulnerability. Following responsible disclosure, the security hole was finally plugged in version 5.0.5, released on January 28, "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.