Tuesday, 30 May 2023

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets that use the vulnerable function, such as dynamic gallery and product gallery, are in use. Local file inclusion is an attack technique in which a web application is tricked into exposing or running arbitrary files on the web server.

The flaw impacts version 5.0.4 and all earlier versions of the addon. Researcher Wai Yan Myo Thet is credited with discovering the vulnerability. Following responsible disclosure, the security hole was finally plugged in version 5.0.5, released on January 28, "after several insufficient patches."
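To check whether a site still runs an affected release, the following added example (not code from Patchstack or the plugin's developers) reads WordPress plugin headers under a plugins directory and flags Essential Addons for Elementor below 5.0.5. The function names, the directory layout passed to `scan`, and the sample header are assumptions constructed for illustration.

```python
import re
from pathlib import Path

PLUGIN_NAME = "Essential Addons for Elementor"  # plugin name as given in the article
FIXED = (5, 0, 5)                               # first fixed release per the article
# Matches "Plugin Name:" and "Version:" lines inside the PHP header comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_header(php_source: str) -> dict:
    """Return the 'plugin name' and 'version' fields of a plugin header."""
    fields = {}
    # WordPress itself only reads the first 8 KB of the file for header data.
    for key, value in HEADER.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(version: str) -> tuple:
    """'5.0.4' -> (5, 0, 4); compared numerically so 5.0.10 sorts after 5.0.5."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable(php_source: str) -> bool:
    """True if the header names the plugin and its version is below 5.0.5."""
    header = parse_header(php_source)
    if PLUGIN_NAME.lower() not in header.get("plugin name", "").lower():
        return False
    return "version" in header and version_tuple(header["version"]) < FIXED

def scan(plugins_dir: str) -> list:
    """Check the top-level PHP files of each folder under wp-content/plugins."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        if is_vulnerable(php.read_text(errors="ignore")):
            hits.append(str(php))
    return hits

# Constructed sample header, not copied from the real plugin.
SAMPLE = """<?php
/**
 * Plugin Name: Essential Addons for Elementor
 * Description: Constructed sample for the version check.
 * Version: 5.0.4
 */
"""

if __name__ == "__main__":
    print("vulnerable" if is_vulnerable(SAMPLE) else "not affected")
```

Since the article notes that the flaw is only reachable when widgets using the vulnerable function are enabled, a hit from this check indicates an outdated install to upgrade, not confirmed exposure.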

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
