A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related articles- Hack Tools Github
- Hacks And Tools
- World No 1 Hacker Software
- Hack Tools For Windows
- Pentest Tools Nmap
- Bluetooth Hacking Tools Kali
- Hack Tools Online
- Hack Tool Apk
- Pentest Box Tools Download
- Hacking Tools Usb
- Tools For Hacker
- Pentest Tools Review
- Pentest Tools Subdomain
- Pentest Tools Bluekeep
- Hak5 Tools
- Hacking Tools
- Hacking Tools And Software
- Pentest Tools Framework
- Pentest Recon Tools
- Hacker Tools
- Hacker Tools For Mac
- Hacker Tools Apk
- Hacking App
- Hack App
- Hacking Tools Windows 10
- Hack Tool Apk No Root
- Pentest Tools Alternative
- Pentest Tools Review
- Pentest Tools Tcp Port Scanner
- Nsa Hack Tools Download
- Tools 4 Hack
- Hacker Security Tools
- Hacking Tools
- Hacking Tools For Windows
- How To Install Pentest Tools In Ubuntu
- Hack Tools Pc
- World No 1 Hacker Software
- Hacker Tools List
- Hack Website Online Tool
- Pentest Tools For Windows
- Hacking Tools For Kali Linux
- Hacker Techniques Tools And Incident Handling
- Tools Used For Hacking
- Pentest Tools Find Subdomains
- Pentest Tools Windows
- Pentest Tools For Windows
- Hack Tools For Pc
- Hacker Tools For Pc
- Best Hacking Tools 2019
- Pentest Tools Website
- Android Hack Tools Github
- Nsa Hack Tools Download
- Hack Tools For Ubuntu
- Hackers Toolbox
- Hack Tools Mac
- Hacker Tools Github
- Best Pentesting Tools 2018
- Hacking Tools For Windows
- Pentest Tools Windows
- Hacker Security Tools
- Hack Tools 2019
- Hacking Tools Software
- What Are Hacking Tools
- Hacking Tools 2020
- New Hack Tools
- Hacking Tools Free Download
- Hacker Security Tools
- Tools Used For Hacking
- Pentest Tools Alternative
- Hacking Apps
- Hacker Tools Software
- Hacker Hardware Tools
- Hack Tools Pc
- Pentest Tools
- Hacking Tools Windows
- What Are Hacking Tools
- Hacker
- Hacking Tools 2019
- Pentest Tools For Ubuntu
- New Hacker Tools
- Hacking Tools For Mac
- Hack Tools For Pc
- Hacking Tools Name
- Hacking Tools Kit
- Pentest Box Tools Download
- Best Hacking Tools 2020
- Hack Tools Github
- Usb Pentest Tools
- Pentest Tools Free
- Hacking Apps
- Best Pentesting Tools 2018
- Pentest Tools Apk
- Hackers Toolbox
- Hacking Tools For Games
- Hacker
- Hacking Tools Software
- Tools 4 Hack
- Hack Rom Tools
- Hacking Tools Mac
- Hacker Tool Kit
- Pentest Tools Android
- Hacking Tools Free Download
- Blackhat Hacker Tools
- Hacking Tools Usb
- Black Hat Hacker Tools
- Hacker Tools For Pc
- Hak5 Tools
- Hacking Tools For Games
- World No 1 Hacker Software
- Pentest Tools Linux
- Hacker Hardware Tools
- Hacker Techniques Tools And Incident Handling
- Hacking Tools For Windows
- Pentest Box Tools Download
- Pentest Tools Linux
- Pentest Tools Online
- Easy Hack Tools
- Hack Tools Download
- Hack Tools Download
- Pentest Tools Subdomain
- Hack Tools Mac
- Pentest Tools Framework
- Hacker Tools Free
- Hacking Tools Github
No comments:
Post a Comment