Thursday 1 June 2023

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability is only present when widgets such as dynamic gallery and product gallery, which use the vulnerable function, are in use. The result is local file inclusion, an attack technique in which a web application is tricked into exposing or running arbitrary files on the web server.
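The article does not show the plugin's code, so the following is an added example of the general pattern behind a local file inclusion and one way to close it, not code from Essential Addons for Elementor or from Patchstack. The function names, directory layout and template names are assumptions made for the demonstration.

```php
<?php
// Added illustration; not code from Essential Addons for Elementor.
// Directory layout and template names are constructed for the demo.

// Vulnerable pattern, shown for contrast and never called: the request value
// is concatenated into the path, so "../" segments can leave $baseDir.
function include_unsafe(string $baseDir, string $name): void
{
    include $baseDir . '/' . $name . '.php';
}

// Hardened: returns a path that is safe to include, or null to reject.
function resolve_template(string $baseDir, string $name, array $allowed): ?string
{
    // 1. Allowlist: accept only names the application registered itself.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise (resolves "..", symlinks) and require the result to
    //    stay under $baseDir. realpath() is false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sandbox: one real template, one file outside the template dir.
$root = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/grid.php', '<?php echo "grid template\n";');
file_put_contents($root . '/secret.php', '<?php echo "must never run\n";');

$allowed = ['grid', 'masonry']; // hypothetical names; "masonry" has no file
foreach (['grid', '../secret', 'grid/../../secret', 'masonry'] as $input) {
    $path = resolve_template($root . '/templates', $input, $allowed);
    if ($path === null) {
        echo "rejected:  $input\n";
    } else {
        echo "including: $input -> ";
        include $path;
    }
}
```

Only `grid` is included; the two traversal inputs fail the allowlist, and `masonry` is rejected because `realpath()` finds no such file.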

The flaw impacts version 5.0.4 and all earlier versions of the addon. Researcher Wai Yan Myo Thet is credited with discovering the vulnerability. Following responsible disclosure, the security hole was finally plugged in version 5.0.5, released on January 28, "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
