A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related word
- Hacking Tools Usb
- Wifi Hacker Tools For Windows
- Hacker Tools List
- Hack Tools For Games
- Install Pentest Tools Ubuntu
- Hacking Tools For Windows
- Hacking Tools Windows 10
- Tools 4 Hack
- Hacking Tools And Software
- Bluetooth Hacking Tools Kali
- Hacker Tools Free Download
- Physical Pentest Tools
- Pentest Reporting Tools
- Hackrf Tools
- Pentest Recon Tools
- Pentest Tools Subdomain
- Hacker Tools Linux
- Hacking Tools Windows
- Nsa Hacker Tools
- Pentest Tools Apk
- Hacker Tools 2019
- Hacker Tools Apk
- Hacking Tools Mac
- Pentest Tools Download
- Pentest Recon Tools
- Pentest Tools Free
- Growth Hacker Tools
- Hacker Tools Mac
- Hack Tools For Ubuntu
- Hacker
- Hacker Tools For Mac
- Hacker Tools 2020
- Hacking Tools Hardware
- Pentest Automation Tools
- Hacking Tools Pc
- Hacker Tools For Windows
- Hacker Hardware Tools
- Hack Tools 2019
- Hacker Tools Linux
- Hacker Security Tools
- Hacker Tools Mac
- Hak5 Tools
- Best Pentesting Tools 2018
- Pentest Tools Download
- Hacking Tools Github
- New Hacker Tools
- Hackers Toolbox
- Pentest Tools Tcp Port Scanner
- Hacking Tools Name
- Hacking Tools For Mac
- How To Hack
- Pentest Tools Find Subdomains
- Usb Pentest Tools
- Pentest Tools Port Scanner
- Pentest Tools Online
- Best Hacking Tools 2019
- Pentest Tools Free
- Pentest Reporting Tools
- Hack Tools For Windows
- Pentest Tools Review
- Best Hacking Tools 2020
- Pentest Tools Url Fuzzer
- Physical Pentest Tools
- What Are Hacking Tools
- New Hack Tools
- Hacking Tools Online
- Hacker Tools Software
- Pentest Tools Review
- Hack Website Online Tool
No comments:
Post a Comment