Hypnotic on my Heart

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related posts

1. Bluetooth Hacking Tools Kali
2. Hacking App
3. Hacking Tools
4. Pentest Tools Url Fuzzer
5. Pentest Tools Review
6. New Hacker Tools
7. Hacker Security Tools
8. Android Hack Tools Github
9. Hacker Tools List
10. Beginner Hacker Tools
11. Pentest Tools For Mac
12. Pentest Tools Tcp Port Scanner
13. Hacker Tools Apk Download
14. Hacker Tools For Ios
15. Pentest Tools Port Scanner
16. World No 1 Hacker Software
17. Hack Tools Github
18. Pentest Tools Apk
19. Hak5 Tools
20. Hack And Tools
21. Hacker Tools Github
22. Pentest Tools Review
23. Hacker Techniques Tools And Incident Handling
24. Hacker Tools For Windows
25. World No 1 Hacker Software
26. Pentest Tools Review
27. Hacker Tools Apk Download
28. Hacking Tools Github
29. Pentest Tools Find Subdomains
30. Best Pentesting Tools 2018
31. Pentest Tools Github
32. Hacker Tools Linux
33. Hackrf Tools
34. Hacker Tools Github
35. Pentest Tools Bluekeep
36. Pentest Tools Windows
37. Pentest Tools Bluekeep
38. Best Hacking Tools 2019
39. Hacking Tools 2019
40. Tools Used For Hacking
41. Hack Website Online Tool
42. Hacking Tools Kit
43. Pentest Reporting Tools
44. Hacking Tools Pc
45. Best Hacking Tools 2019
46. Hacking Tools And Software
47. Pentest Tools Apk
48. Nsa Hack Tools
49. Hack Tools For Windows
50. Hacker
51. Android Hack Tools Github
52. Pentest Tools Website
53. Hack Tools Pc
54. How To Make Hacking Tools
55. Hack Tool Apk No Root
56. Pentest Tools Nmap
57. Pentest Tools List
58. New Hacker Tools
59. Hacker Techniques Tools And Incident Handling
60. Pentest Tools Free
61. Hacking Tools Kit
62. Pentest Tools Online
63. Hacking Tools Online
64. Pentest Tools Website Vulnerability
65. Pentest Tools Open Source
66. Hacker
67. Hack Tools Mac
68. Hacker Techniques Tools And Incident Handling
69. Hack Tools For Ubuntu
70. Hack Tools Github
71. Pentest Automation Tools
72. Tools For Hacker
73. Hacking Tools Github

Posted by K. Lianne on Friday, May 26, 2023 at 6:48 PM | Permalink