A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related posts
- Termux Hacking Tools 2019
- Pentest Tools Find Subdomains
- Pentest Tools Android
- Hack Rom Tools
- Termux Hacking Tools 2019
- Hacker Tools For Mac
- Underground Hacker Sites
- Hacking App
- Hacking Tools For Mac
- Hacking Tools For Kali Linux
- Tools For Hacker
- Hacking Tools For Pc
- Termux Hacking Tools 2019
- Hacker
- Hack Tools Github
- Hacker Tools 2020
- Pentest Tools Linux
- Easy Hack Tools
- Hacking App
- Hacking Tools Github
- Hacker Tools Linux
- Hacker Tools 2019
- Hacking Tools For Kali Linux
- How To Hack
- Ethical Hacker Tools
- Pentest Tools Subdomain
- Hack Tools For Ubuntu
- Pentest Tools For Ubuntu
- How To Make Hacking Tools
- Hacking Tools 2019
- Hacks And Tools
- Hackrf Tools
- Hacking Tools Download
- Hacker Tools Hardware
- Best Hacking Tools 2019
- Hacking Tools For Windows
- Hack And Tools
- Blackhat Hacker Tools
- Hacker Tools
- Pentest Tools Download
- Hacking Apps
- Hacking Tools Download
- Pentest Tools
- Hacking Tools Hardware
- Hacker Tools
- Pentest Tools Github
- Hacking Tools For Windows 7
- Hack App
- Hack Tools For Pc
- Hacking Tools Online
- Wifi Hacker Tools For Windows
- Hacking Tools For Pc
- Hacker Tools Github
- Hack App
- Ethical Hacker Tools
- Pentest Tools Find Subdomains
- Pentest Tools Alternative
- Hacker Tools Windows
- Hacker Hardware Tools
- Hacking Tools For Windows Free Download
- Hacking Tools And Software
- Hacking Tools Name
- Hacking Tools
- Hacks And Tools
- What Are Hacking Tools
- Hacker Tools For Pc
- Hack Tools Github
- Pentest Tools Open Source
- How To Hack
- Growth Hacker Tools
- Hacking App
- Hacker Tools Windows
- Pentest Box Tools Download
- Hack Website Online Tool
- Underground Hacker Sites
- Pentest Tools Kali Linux
- Hacker Tools Linux
- Hack Website Online Tool
- Hacks And Tools
- Growth Hacker Tools
- Pentest Tools Website
No comments:
Post a Comment