Saturday, June 3, 2023

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related articles
  1. Hack Tools Github
  2. Hacks And Tools
  3. World No 1 Hacker Software
  4. Hack Tools For Windows
  5. Pentest Tools Nmap
  6. Bluetooth Hacking Tools Kali
  7. Hack Tools Online
  8. Hack Tool Apk
  9. Pentest Box Tools Download
  10. Hacking Tools Usb
  11. Tools For Hacker
  12. Pentest Tools Review
  13. Pentest Tools Subdomain
  14. Pentest Tools Bluekeep
  15. Hak5 Tools
  16. Hacking Tools
  17. Hacking Tools And Software
  18. Pentest Tools Framework
  19. Pentest Recon Tools
  20. Hacker Tools
  21. Hacker Tools For Mac
  22. Hacker Tools Apk
  23. Hacking App
  24. Hack App
  25. Hacking Tools Windows 10
  26. Hack Tool Apk No Root
  27. Pentest Tools Alternative
  28. Pentest Tools Review
  29. Pentest Tools Tcp Port Scanner
  30. Nsa Hack Tools Download
  31. Tools 4 Hack
  32. Hacker Security Tools
  33. Hacking Tools
  34. Hacking Tools For Windows
  35. How To Install Pentest Tools In Ubuntu
  36. Hack Tools Pc
  37. World No 1 Hacker Software
  38. Hacker Tools List
  39. Hack Website Online Tool
  40. Pentest Tools For Windows
  41. Hacking Tools For Kali Linux
  42. Hacker Techniques Tools And Incident Handling
  43. Tools Used For Hacking
  44. Pentest Tools Find Subdomains
  45. Pentest Tools Windows
  46. Pentest Tools For Windows
  47. Hack Tools For Pc
  48. Hacker Tools For Pc
  49. Best Hacking Tools 2019
  50. Pentest Tools Website
  51. Android Hack Tools Github
  52. Nsa Hack Tools Download
  53. Hack Tools For Ubuntu
  54. Hackers Toolbox
  55. Hack Tools Mac
  56. Hacker Tools Github
  57. Best Pentesting Tools 2018
  58. Hacking Tools For Windows
  59. Pentest Tools Windows
  60. Hacker Security Tools
  61. Hack Tools 2019
  62. Hacking Tools Software
  63. What Are Hacking Tools
  64. Hacking Tools 2020
  65. New Hack Tools
  66. Hacking Tools Free Download
  67. Hacker Security Tools
  68. Tools Used For Hacking
  69. Pentest Tools Alternative
  70. Hacking Apps
  71. Hacker Tools Software
  72. Hacker Hardware Tools
  73. Hack Tools Pc
  74. Pentest Tools
  75. Hacking Tools Windows
  76. What Are Hacking Tools
  77. Hacker
  78. Hacking Tools 2019
  79. Pentest Tools For Ubuntu
  80. New Hacker Tools
  81. Hacking Tools For Mac
  82. Hack Tools For Pc
  83. Hacking Tools Name
  84. Hacking Tools Kit
  85. Pentest Box Tools Download
  86. Best Hacking Tools 2020
  87. Hack Tools Github
  88. Usb Pentest Tools
  89. Pentest Tools Free
  90. Hacking Apps
  91. Best Pentesting Tools 2018
  92. Pentest Tools Apk
  93. Hackers Toolbox
  94. Hacking Tools For Games
  95. Hacker
  96. Hacking Tools Software
  97. Tools 4 Hack
  98. Hack Rom Tools
  99. Hacking Tools Mac
  100. Hacker Tool Kit
  101. Pentest Tools Android
  102. Hacking Tools Free Download
  103. Blackhat Hacker Tools
  104. Hacking Tools Usb
  105. Black Hat Hacker Tools
  106. Hacker Tools For Pc
  107. Hak5 Tools
  108. Hacking Tools For Games
  109. World No 1 Hacker Software
  110. Pentest Tools Linux
  111. Hacker Hardware Tools
  112. Hacker Techniques Tools And Incident Handling
  113. Hacking Tools For Windows
  114. Pentest Box Tools Download
  115. Pentest Tools Linux
  116. Pentest Tools Online
  117. Easy Hack Tools
  118. Hack Tools Download
  119. Hack Tools Download
  120. Pentest Tools Subdomain
  121. Hack Tools Mac
  122. Pentest Tools Framework
  123. Hacker Tools Free
  124. Hacking Tools Github

No comments: