A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related news
- Pentest Tools Url Fuzzer
- Pentest Tools List
- Usb Pentest Tools
- Hacker Tools Linux
- Hacker Tools Linux
- Hacker Tools For Windows
- Hacking Tools Online
- Pentest Tools For Windows
- Wifi Hacker Tools For Windows
- Hacking Tools Download
- Hacker Tools For Windows
- Physical Pentest Tools
- Tools Used For Hacking
- Computer Hacker
- Best Pentesting Tools 2018
- Pentest Tools Website
- Pentest Recon Tools
- Ethical Hacker Tools
- Install Pentest Tools Ubuntu
- Hak5 Tools
- Pentest Tools Github
- Pentest Box Tools Download
- Hack Tools Mac
- Pentest Tools Subdomain
- Pentest Tools Linux
- Pentest Tools Apk
- Hacker Techniques Tools And Incident Handling
- Hacker Tools Linux
- Pentest Tools Alternative
- Pentest Tools Find Subdomains
- Blackhat Hacker Tools
- Hack Apps
- Wifi Hacker Tools For Windows
- Hacker Tools For Mac
- Nsa Hacker Tools
- Pentest Tools Find Subdomains
- Hack Tools
- Pentest Tools Tcp Port Scanner
- Termux Hacking Tools 2019
- Hacker Tools List
- Tools 4 Hack
- Hacker Tools Linux
- Hacker Hardware Tools
- Hacks And Tools
- Hacker Tools For Pc
- Pentest Tools Apk
- Pentest Tools
- Top Pentest Tools
- Pentest Tools Alternative
- Hack Tools Download
- What Are Hacking Tools
- Android Hack Tools Github
- Hacking Tools And Software
- Hacker Tools For Pc
- Hacking Tools Name
- Hacker Tools For Ios
- Hacking Tools Mac
- Hacker Tools Software
- Hacking Tools Windows 10
- Termux Hacking Tools 2019
- Hacker Tools 2019
- Hacks And Tools
- Pentest Tools Open Source
- Hacking Tools Hardware
- Hack Tools Download
- Growth Hacker Tools
- Nsa Hack Tools
- Best Hacking Tools 2019
- Growth Hacker Tools
- Hacker Tools Hardware
- Hacker Tools Apk
- What Are Hacking Tools
- Hacker Hardware Tools
- Hacker Tools 2019
- Hack Tools Online
- Hacker
- Hacking Tools For Pc
- Hacker Tools Apk
- Hacking Tools For Windows Free Download
- Hacking Tools Mac
- Hack Tools Pc
- Kik Hack Tools
- Pentest Tools Nmap
- Hack Tools Github
- Hacker Tools Github
- Hacking Tools Mac
- Hacker Tools For Windows
- Best Hacking Tools 2019
- Hacking Tools Software
- Pentest Box Tools Download
- Hacker Search Tools
- Hacking Tools Windows 10
- How To Hack
- Pentest Tools Bluekeep
No comments:
Post a Comment