Sunday, January 28, 2024

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

More information
  1. Termux Hacking Tools 2019
  2. Top Pentest Tools
  3. Pentest Tools Review
  4. Hack Rom Tools
  5. Hacking Tools Windows 10
  6. Free Pentest Tools For Windows
  7. Wifi Hacker Tools For Windows
  8. How To Hack
  9. Blackhat Hacker Tools
  10. Hack And Tools
  11. Pentest Recon Tools
  12. Pentest Tools Framework
  13. Pentest Tools Kali Linux
  14. Pentest Recon Tools
  15. Hacker Tools For Windows
  16. Growth Hacker Tools
  17. Bluetooth Hacking Tools Kali
  18. Pentest Tools
  19. Hacking Tools Usb
  20. Pentest Box Tools Download
  21. Pentest Tools Website Vulnerability
  22. Underground Hacker Sites
  23. Hacker Tools Apk
  24. Hack Website Online Tool
  25. What Are Hacking Tools
  26. Pentest Tools Subdomain
  27. Free Pentest Tools For Windows
  28. Hacker Tool Kit
  29. Hacker Tools Linux
  30. Hacking Apps
  31. Hacking Apps
  32. Top Pentest Tools
  33. Best Hacking Tools 2020
  34. Pentest Tools Framework
  35. Black Hat Hacker Tools
  36. Pentest Tools Free
  37. Pentest Tools Nmap
  38. Hacking Tools Free Download
  39. Install Pentest Tools Ubuntu
  40. Install Pentest Tools Ubuntu
  41. Hacking Tools 2020
  42. Hack Tools Download
  43. Pentest Tools Open Source
  44. Hacking Tools Pc
  45. Hack Tool Apk
  46. Pentest Tools Website
  47. Pentest Tools
  48. Pentest Tools For Android
  49. What Is Hacking Tools
  50. Pentest Tools Find Subdomains
  51. Hack Tools For Games
  52. Hacking Tools Windows
  53. Best Pentesting Tools 2018
  54. What Are Hacking Tools
  55. Usb Pentest Tools
  56. Hacker Tools Hardware
  57. Pentest Tools Url Fuzzer
  58. Pentest Tools Linux
  59. Pentest Tools Nmap
  60. Best Hacking Tools 2020
  61. Hacker Tools Free
  62. Pentest Tools Linux
  63. Pentest Tools Linux
  64. Hacking Tools For Kali Linux
  65. Physical Pentest Tools
  66. Pentest Box Tools Download
  67. Hack App
  68. Pentest Tools For Android
  69. Pentest Tools Url Fuzzer
  70. Ethical Hacker Tools
  71. Hacker Tools Software
  72. Termux Hacking Tools 2019
  73. What Are Hacking Tools
  74. Hacking Tools Kit
  75. Pentest Tools List
  76. Hacking Tools Usb
  77. Pentest Tools Website Vulnerability
  78. Hack Tools For Ubuntu
  79. Game Hacking
  80. Hacking Tools 2020
  81. Hacking Tools For Beginners
  82. Best Pentesting Tools 2018
  83. Hacking Tools And Software
  84. Pentest Tools Kali Linux
  85. Hack Website Online Tool
  86. Github Hacking Tools
  87. Hacker Techniques Tools And Incident Handling
  88. Pentest Tools Open Source
  89. Free Pentest Tools For Windows
  90. Hacker Tools Windows
  91. Hack Tools For Ubuntu
  92. Hack Tool Apk No Root
  93. Pentest Tools Github
  94. Bluetooth Hacking Tools Kali
  95. Hacking Tools Windows
  96. Pentest Automation Tools
  97. Pentest Recon Tools
  98. Beginner Hacker Tools
  99. Install Pentest Tools Ubuntu
  100. Hack Tools For Pc
  101. Physical Pentest Tools
  102. Bluetooth Hacking Tools Kali
  103. Hack Tools For Windows
  104. Hack Website Online Tool
  105. Pentest Tools Url Fuzzer
  106. Hackrf Tools
  107. Hacker Tools List
  108. Hacking App
  109. Hacker Tools For Mac
  110. Hacking Tools Hardware
  111. Pentest Reporting Tools
  112. Blackhat Hacker Tools
  113. Beginner Hacker Tools
  114. Hack Tools Mac
  115. Hacker Tools Software
  116. Hacking Tools For Beginners
  117. Hacker Tools Free Download
  118. Pentest Tools For Windows
  119. World No 1 Hacker Software
  120. Hacker Tools
  121. Hackrf Tools
  122. Hacker Tool Kit
  123. Hacking Tools Online
  124. Hacker Tools Windows
  125. Hack Website Online Tool
  126. What Are Hacking Tools
  127. Pentest Tools Review
  128. Hacker Tools 2020
  129. Blackhat Hacker Tools
  130. Tools For Hacker
  131. Hacker Tools 2020
  132. Hacking Tools For Windows
  133. Hack Tool Apk No Root
  134. Pentest Tools Apk
  135. Hack Tools For Windows
  136. Hacking Tools Mac
  137. Usb Pentest Tools
  138. Pentest Tools Find Subdomains
  139. Hacking Tools Mac
  140. New Hack Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)