A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related word
- Hacker Tools For Pc
- Hacker Tools For Mac
- Hacking Tools Name
- Hacker Techniques Tools And Incident Handling
- Usb Pentest Tools
- Hacking Tools Name
- Underground Hacker Sites
- Pentest Tools Windows
- Pentest Tools Framework
- Easy Hack Tools
- Hacking Apps
- Pentest Tools Website Vulnerability
- Hacker Tools Apk Download
- Hacker Hardware Tools
- Hacker Tool Kit
- Hacking Tools Windows
- Pentest Tools Github
- Hacker Tools Apk
- Hacking Tools For Games
- Pentest Automation Tools
- Hacker Tools For Mac
- Pentest Tools For Android
- Physical Pentest Tools
- Pentest Tools Framework
- Bluetooth Hacking Tools Kali
- Pentest Tools Review
- Hack Website Online Tool
- Github Hacking Tools
- Hack Tools For Pc
- What Is Hacking Tools
- Game Hacking
- Hackrf Tools
- Free Pentest Tools For Windows
- Hack Tool Apk No Root
- Hacker Tools Hardware
- How To Hack
- Physical Pentest Tools
- Pentest Tools For Mac
- Pentest Tools For Android
- Physical Pentest Tools
- Pentest Tools Review
- What Is Hacking Tools
- Best Pentesting Tools 2018
- Hacker Security Tools
- Best Hacking Tools 2020
- Hacking Tools Hardware
- Pentest Tools Review
- Wifi Hacker Tools For Windows
- Hacker Tools Free
- Free Pentest Tools For Windows
- What Are Hacking Tools
- Pentest Tools Find Subdomains
- Pentest Tools Website Vulnerability
- Hack App
- Hacker Search Tools
- Blackhat Hacker Tools
- Hacking Tools Mac
- Pentest Tools Website Vulnerability
- Hacker Tools Software
- Best Hacking Tools 2020
- Usb Pentest Tools
- How To Make Hacking Tools
- Pentest Tools Github
- Hacking Tools And Software
- Hacking Tools Pc
- Hacks And Tools
- Hack Tools
- Pentest Tools Nmap
- Hack Tools For Mac
- Physical Pentest Tools
- Hack Tools
- Free Pentest Tools For Windows
- Hacking Apps
- Pentest Tools For Android
- Pentest Tools Review
- Hack Tools For Windows
- Hacking Tools For Pc
- Underground Hacker Sites
- Nsa Hack Tools Download
- Hack Tool Apk
- Pentest Tools Nmap
- Pentest Tools Website
- Hacker Tool Kit
- Hacker Tools Hardware
- Hacker Hardware Tools
- Hacking Tools For Mac
- Hacking Tools Name
- Pentest Reporting Tools
- Pentest Tools Url Fuzzer
- Hacker Tools Apk Download
- Hacker Tools Windows
- Hack Tools For Mac
- Hack Tools 2019
- Pentest Tools Nmap
- Physical Pentest Tools
- Hacking Tools Pc
- Tools 4 Hack
- Hacking Tools Github
- Hacker Tools Online
- Hacking Tools For Windows Free Download
- Best Hacking Tools 2019
- Hacking Tools Mac
- Tools For Hacker
- Hacker Tools
- New Hacker Tools
- Hacking Tools 2020
- How To Hack
- Hack Tools For Pc
- Pentest Tools Apk
- Usb Pentest Tools
- Hacker Tools For Ios
- Hacking Tools For Windows 7
- Hack Tools For Ubuntu
- Hack Tools For Games
- Pentest Reporting Tools
- Growth Hacker Tools
- Hacker Tools Hardware
- Hacking Tools Windows 10
- Hack Tools For Pc
- Hacker Techniques Tools And Incident Handling
- Hack Tool Apk No Root
- Black Hat Hacker Tools
- Hak5 Tools
- Hack Tools For Games
- Pentest Tools Nmap
- Hack Tools For Ubuntu
- Best Pentesting Tools 2018
- Growth Hacker Tools
- Hacking Tools For Beginners
- Nsa Hacker Tools
- Pentest Tools Bluekeep
- Hacking Tools 2019
- Hacking Tools Pc
- Hacker Tools Mac
- Hacking Tools Windows 10
- Pentest Recon Tools
- How To Make Hacking Tools
- Hacking Tools For Windows Free Download
- Hack Tools Online
- Pentest Tools Linux
- Tools 4 Hack
- Tools For Hacker
- Pentest Tools For Mac
- Pentest Tools Apk
- Underground Hacker Sites
- Top Pentest Tools
- Hack Tools For Pc
- Hacking Tools For Beginners
- Hacker Tools For Ios
- Growth Hacker Tools
- Hacker Tools Hardware
- Hack Tools Pc
- Nsa Hack Tools Download
- Pentest Tools Port Scanner
- Hacker Techniques Tools And Incident Handling
- Computer Hacker
- Pentest Tools Linux
- Termux Hacking Tools 2019
- Nsa Hack Tools
- Hacking Tools Windows
- Hacker Tools Software
- Pentest Tools
- Hacking Tools Windows 10
- Hacker Tools Github
- Pentest Recon Tools
- Hack Apps
- Hack Tools
- Hacking Tools For Kali Linux
- Hacking Tools And Software
- Beginner Hacker Tools
- Hacker Tools 2020
- Hack Tools For Mac
- Easy Hack Tools
- Hacker Tools Github
- Free Pentest Tools For Windows
- Pentest Tools Bluekeep
Nincsenek megjegyzések:
Megjegyzés küldése