A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related articles- Hack Tools Mac
- Pentest Recon Tools
- Hacker Tools Online
- Hacker Tools Apk Download
- Hack Tools For Mac
- Hack Tools Mac
- Hackers Toolbox
- Tools Used For Hacking
- Hacking Tools For Windows Free Download
- World No 1 Hacker Software
- How To Install Pentest Tools In Ubuntu
- Hacking Tools For Games
- Pentest Tools Nmap
- Hak5 Tools
- Hacker
- Hackrf Tools
- Pentest Tools Tcp Port Scanner
- Hak5 Tools
- Pentest Tools Download
- Hacker Tools Free
- Kik Hack Tools
- Hacker
- Hacking Tools Software
- Pentest Tools Review
- Pentest Tools Tcp Port Scanner
- Hacker Tools For Windows
- Pentest Tools Find Subdomains
- Hacking Tools Name
- Pentest Tools Open Source
- Hack Tools Github
- Hacker Techniques Tools And Incident Handling
- What Are Hacking Tools
- Hack Tools
- Hack App
- Hacking Tools For Games
- Pentest Tools
- Nsa Hacker Tools
- Hacker Tools Linux
- World No 1 Hacker Software
- Hacker Search Tools
- Hacking Tools Software
- Hack Apps
- Pentest Tools Url Fuzzer
- Hacker Tools Hardware
- Hacking Tools For Pc
- Ethical Hacker Tools
- Hacker Tools Software
- Pentest Tools Nmap
- Pentest Tools For Android
- Hacking Tools Windows 10
- Pentest Tools Find Subdomains
- Hacker Tools Software
- Termux Hacking Tools 2019
- Pentest Tools Android
- Blackhat Hacker Tools
- What Are Hacking Tools
- Hacker Tools Online
- Hacking Tools Windows 10
- Hacker Tools For Ios
- Hacker Tools Apk Download
- Hack Tools Mac
- Tools For Hacker
- Pentest Tools Website
- Physical Pentest Tools
- Physical Pentest Tools
- Hacking Tools For Beginners
- Hacking Tools And Software
- World No 1 Hacker Software
- Hacker Tools
- Termux Hacking Tools 2019
- Hacker Tools Software
- Hack Tools 2019
- Hack Tools Github
- Bluetooth Hacking Tools Kali
- What Are Hacking Tools
- Best Hacking Tools 2020
- Hack Tools For Ubuntu
- Pentest Tools List
- Hacking Tools Software
- Bluetooth Hacking Tools Kali
- Tools For Hacker
- Pentest Tools Android
- Hacking Tools For Windows 7
- Hacking Tools Download
- Hacker Tools For Ios
- Pentest Tools Subdomain
- Underground Hacker Sites
- Hacking Tools Windows 10
- Pentest Tools Port Scanner
- Computer Hacker
- Underground Hacker Sites
- Hacking Tools Usb
- Hacking Tools For Pc
- Hack Tools For Games
- Easy Hack Tools
- Hackers Toolbox
- Hacking Tools Usb
- Hacker Tools Mac
- Top Pentest Tools
- Pentest Tools Github
- Wifi Hacker Tools For Windows
- Pentest Recon Tools
- Hacking Tools 2019
- Hacker Tool Kit
- Hacking Tools Name
- Hak5 Tools
- Beginner Hacker Tools
- Hack Tools For Ubuntu
- Hackers Toolbox
- Blackhat Hacker Tools
- Hacking Tools Hardware
- Pentest Tools Android
- Hacking Tools Mac
- Hack App
- How To Install Pentest Tools In Ubuntu
- How To Make Hacking Tools
- Pentest Tools
- Wifi Hacker Tools For Windows
- Github Hacking Tools
- Hacker Tools Free Download
- Beginner Hacker Tools
- Hack Tools Pc
- Hack And Tools
- Hack Tools For Mac
- Pentest Tools For Android
- Hack Tool Apk No Root
- Hacker Techniques Tools And Incident Handling
- Hack App
- Hacker Tools Github
- Best Hacking Tools 2019
- Hacker Tools Apk
- Hacking Tools
- Hack Tools For Games
- Hak5 Tools
- Hacker Search Tools
- Hacker Tools For Pc
- New Hacker Tools
- Pentest Tools Port Scanner
- Hacker
- Hacking Tools Github
- Hacking Tools Windows
- Hacker Tools Github
- Pentest Tools Review
- Pentest Tools Port Scanner
- Pentest Tools List
- Hacker Tools Windows
- Hacker Tools For Mac
- Hacker Security Tools
- Hacking Tools For Windows
- Tools 4 Hack
- Hacker Tools Linux
- Hacking Tools 2019
- Tools Used For Hacking
- Hacking Tools Windows
- Install Pentest Tools Ubuntu
No comments:
Post a Comment