A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets that use the vulnerable function, such as dynamic gallery and product gallery, are in use. The result is local file inclusion, an attack technique in which a web application is tricked into exposing or running arbitrary files on the web server.
The flaw impacts version 5.0.4 and all earlier versions of the addon. Researcher Wai Yan Myo Thet is credited with discovering the vulnerability. Following responsible disclosure, the security hole was finally plugged in version 5.0.5, released on January 28, "after several insufficient patches."
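As an added example (not code from Patchstack or the plugin's developers), the following Python script reads the WordPress header of a plugin's main file and reports whether the installed release predates the fixed version 5.0.5. The sample headers are constructed, and matching on the plugin name as written in this article is an assumption about the header text.

```python
import re

PLUGIN_NAME = "Essential Addons for Elementor"  # name as given in the article (assumed header text)
FIXED_VERSION = "5.0.5"                          # first fixed release per the article

# WordPress reads "Field: value" pairs from the comment block at the top of a plugin's main file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_plugin_header(php_source):
    """Return the Plugin Name and Version fields found in the first 8 KiB of the file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.rstrip("*/ \t\r"))
    return fields

def version_tuple(version):
    """Turn '5.0.4' into (5, 0, 4); a suffix such as '-beta1' is ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version.split("-")[0]))

def assess(php_source):
    """Return 'not-target', 'unknown', 'vulnerable' or 'patched' for one plugin main file."""
    fields = parse_plugin_header(php_source)
    if not fields.get("plugin name", "").startswith(PLUGIN_NAME):
        return "not-target"
    version = version_tuple(fields.get("version", ""))
    if not version:
        return "unknown"  # header present but no usable version: review by hand
    return "vulnerable" if version < version_tuple(FIXED_VERSION) else "patched"

# Constructed sample headers (not copied from the plugin).
SAMPLE_OLD = """<?php
/**
 * Plugin Name: Essential Addons for Elementor
 * Version: 5.0.4
 */
"""
SAMPLE_FIXED = SAMPLE_OLD.replace("5.0.4", "5.0.5")

if __name__ == "__main__":
    for label, source in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED)):
        print(label, assess(source))
```

A result of "vulnerable" means the install should be updated to 5.0.5 or later; the article notes the flaw is only reachable when the affected gallery widgets are in use.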
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.